December 10, 2016

PhpMyAdmin Project Releases Security Update

(LiveHacking.Com) – The phpMyAdmin team has released versions 3.4.3.2 and 3.3.10.3 of the phpMyAdmin open source database administration tool.

The new versions patched a total of four security holes in phpMyAdmin. According to the phpMyAdmin project website, the security releases address two “critical” vulnerabilities that could lead to possible session manipulation in swekey authentication or remote code execution. Further, a critical bug that could allow an intruder to perform a local file inclusion have been fixed in this version.

All users are advised to update to the latest versions. The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.

phpMyAdmin 3.3.10.2 and 3.4.3.1 Released – Multiple Vulnerabilities Fixed

The phpMyAdmin development team has released versions 3.3.10.2 and 3.4.3.1 of their database administration tool.

These updates are for four critical security vulnerabilities, include a session manipulation bug in Swekey authentication, a possible code injection issue in the setup script and a regular expression quoting problem in Synchronize code. With reference to the project website, these security issues could lead to the code injection and execution of arbitrary code.

Further, a directory traversal vulnerability related to the filtering of a file path in the MIME-type transformation code in these versions have been fixed.

The new versions of phpMyAdmin are available to download from the project website. phpMyAdmin is licensed under version 2 of the GNU General Public License.