phpMyAdmin security announcements

PMASA-2010-3

phpMyAdmin devel team — 2010-01-15T00:00:00+00:00

Unsafe usage of unserialize function.

Affected Versions

For 2.11.x: versions before 2.11.10 are affected.

CVE ID

CVE-2009-4605

PMASA-2010-2

phpMyAdmin devel team — 2010-01-15T00:00:00+00:00

Unsafe handling of temporary files

Affected Versions

For 2.11.x: versions before 2.11.10 are affected.

CVE ID

CVE-2008-7252

PMASA-2010-1

phpMyAdmin devel team — 2010-01-15T00:00:00+00:00

Unsafe handling of temporary directory

Affected Versions

For 2.11.x: versions before 2.11.10 are affected.

CVE ID

CVE-2008-7251

PMASA-2009-6

phpMyAdmin devel team — 2009-10-13T00:00:00+00:00

XSS and SQL injection vulnerabilities

Affected Versions

For 2.11.x: versions before 2.11.9.6 are affected. For 3.x: versions before 3.2.2.1 are affected.

CVE ID

CVE-2009-3696

CVE-2009-3697

PMASA-2009-5

phpMyAdmin devel team — 2009-06-30T00:00:00+00:00

XSS vulnerability

Affected Versions

For 2.11.x: versions are not affected. For 3.x: All 3.x releases on which the "bookmarks" feature is active are affected.

CVE ID

CVE-2009-2284

PMASA-2009-4

phpMyAdmin devel team — 2009-04-14T00:00:00+00:00

Insufficient output sanitizing when generating configuration file.

Affected Versions

For 2.11.x: versions are not affected. For 3.x: versions before 3.1.3.2.

CVE ID

CVE-2009-1285

PMASA-2009-3

phpMyAdmin devel team — 2009-03-24T00:00:00+00:00

Insufficient output sanitizing when generating configuration file.

Affected Versions

For 2.11.x: versions before 2.11.9.5. For 3.x: versions before 3.1.3.1.

CVE ID

CVE-2009-1151

PMASA-2009-2

phpMyAdmin devel team — 2009-03-24T00:00:00+00:00

Cross-site scripting on export page using cookies.

Affected Versions

For 2.11.x: versions before 2.11.9.5. For 3.x: versions before 3.1.3.1.

CVE ID

CVE-2009-1150

PMASA-2009-1

phpMyAdmin devel team — 2009-03-24T00:00:00+00:00

HTTP Response Splitting and file inclusion vulnerability.

Affected Versions

For 2.11.x: not affected as it lacks BLOB streaming support. For 3.x: versions since 3.1.0.0 and before 3.1.3.1.

CVE ID

CVE-2009-1148

CVE-2009-1149

PMASA-2008-10

phpMyAdmin devel team — 2008-12-09T00:00:00+00:00

SQL injection through XSRF on several pages

Affected Versions

For 2.11.x: versions before 2.11.9.4. For 3.x: versions before 3.1.1.0.

CVE ID

CVE-2008-5621

CVE-2008-5622