PMASA-2006-9
Announcement-ID: PMASA-2006-9
Date: 2006-11-17
Summary
Bad IP Allow/Deny checking
Description
We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers.
Severity
We consider this vulnerability to be serious.
Affected Versions
Probably all versions to 2.9.1.
Solution
Upgrade to phpMyAdmin 2.9.1.1 or newer.
References
Assigned CVE IDs: CVE-2006-6944
Patches
The following commits have been made to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.
Announcements
PMASA-2016-71
PMASA-2016-70
PMASA-2016-69
PMASA-2016-68
PMASA-2016-67
PMASA-2016-66
PMASA-2016-65
PMASA-2016-64
PMASA-2016-63
PMASA-2016-62
PMASA-2016-61
PMASA-2016-60
PMASA-2016-59
PMASA-2016-58
PMASA-2016-57
PMASA-2016-56
PMASA-2016-55
PMASA-2016-54
PMASA-2016-53
PMASA-2016-52
PMASA-2016-51
PMASA-2016-50
PMASA-2016-49
PMASA-2016-48
PMASA-2016-47
PMASA-2016-46
PMASA-2016-45
PMASA-2016-44
PMASA-2016-43
PMASA-2016-42
PMASA-2016-41
PMASA-2016-40
PMASA-2016-39
PMASA-2016-38
PMASA-2016-37
PMASA-2016-36
PMASA-2016-35
PMASA-2016-34
PMASA-2016-33
PMASA-2016-32
PMASA-2016-31
PMASA-2016-30
PMASA-2016-29
PMASA-2016-28
PMASA-2016-27
PMASA-2016-26
PMASA-2016-25
PMASA-2016-24
PMASA-2016-23
PMASA-2016-22
PMASA-2016-21
PMASA-2016-20
PMASA-2016-19
PMASA-2016-18
PMASA-2016-17
PMASA-2016-16
PMASA-2016-15
PMASA-2016-14
PMASA-2016-13
PMASA-2016-12
PMASA-2016-11
PMASA-2016-10
PMASA-2016-9
PMASA-2016-8
PMASA-2016-7
PMASA-2016-6
PMASA-2016-5
PMASA-2016-4
PMASA-2016-3
PMASA-2016-2
PMASA-2016-1