Bad IP Allow/Deny checking
We received a security advisory from Christian Schmidt, Peytz & Co. and we wish to thank him for his work. It was possible to get around IP-based Allow/Deny checking by faking proxy headers.
We consider this vulnerability to be serious.
Probably all versions to 2.9.1.
Upgrade to phpMyAdmin 18.104.22.168 or newer.
Assigned CVE ids: CVE-2006-6944
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.