Announcement-ID: PMASA-2007-1
Date: 2007-01-16
HTTP Response Splitting vulnerability
On systems running PHP 5 before 5.1.2 or PHP 4 before 4.4.2, it is possible to trigger this vulnerability by editing the cookie containing PHP's session id. This can be used to send malicious javascript or redirects.
We consider this vulnerability to be serious.
Probably all versions to 2.9.1.1.
Upgrade to phpMyAdmin 2.9.2 or newer.
http://www.securityfocus.com/archive/1/453432
Assigned CVE ids: CVE-2006-6374
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.