phpMyAdmin security announcements http://www.phpmyadmin.net/security/ phpMyAdmin security announcements en-us phpMyAdmin devel team 2013-05-20T05:22:03+00:00 http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php PMASA-2013-5 2013-04-24T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Global variables overwrite in "export.php".

Affected Versions

phpMyAdmin versions 4.x (prior to 4.0.0-rc3).

CVE ID

CVE-2013-3241

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php PMASA-2013-4 2013-04-24T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Local file inclusion vulnerability.

Affected Versions

phpMyAdmin versions 4.x (prior to 4.0.0-rc3).

CVE ID

CVE-2013-3240

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php PMASA-2013-3 2013-04-24T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.

Affected Versions

Versions 3.5.x and 4.0.0 (before -rc3) are affected.

CVE ID

CVE-2013-3239

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php PMASA-2013-2 2013-04-24T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Remote code execution via preg_replace().

Affected Versions

Versions 3.5.x and 4.0.0 (before -rc3) are affected.

CVE ID

CVE-2013-3238

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php http://www.phpmyadmin.net/home_page/security/PMASA-2013-1.php PMASA-2013-1 2013-04-18T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security XSS due to unescaped HTML output in GIS visualisation page.

Affected Versions

Versions 3.5.x are affected.

CVE ID

CVE-2013-1937

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-7.php PMASA-2012-7 2012-10-12T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Fetching the version information from a non-SSL site is vulnerable to a MITM attack.

Affected Versions

Versions 3.5.x before 3.5.3 are affected.

CVE ID

CVE-2012-5368

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-6.php PMASA-2012-6 2012-10-12T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages.

Affected Versions

Versions 3.5.x are affected.

CVE ID

CVE-2012-5339

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php PMASA-2012-5 2012-09-25T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.

Affected Versions

We currently know only about being affected, check if your download contains a file named .

CVE ID

CVE-2012-5159

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-4.php PMASA-2012-4 2012-08-16T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Multiple XSS in Table operations, Database structure, Trigger and Visualize GIS data pages.

Affected Versions

Versions 3.4.x are affected, for issues #1 and #2. Versions 3.5.x are affected, for all issues.

CVE ID

CVE-2012-4345

]]> http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php http://www.phpmyadmin.net/home_page/security/PMASA-2012-3.php PMASA-2012-3 2012-08-09T00:00:00+00:00 phpMyAdmin devel team phpMyAdmin security Path disclosure due to missing library.

Affected Versions

Versions 3.5.x before 3.5.2.1 are affected.

CVE ID

CVE-2012-4219

]]>