Multiple XSS in the Tracking feature.
Missing sanitization on the table, column and index names leads to XSS vulnerabilities.
We consider this vulnerability to be serious.
An attacker must be logged in via phpMyAdmin to exploit this problem.
Versions 3.3.0 to 220.127.116.11 are affected.
Upgrade to phpMyAdmin 18.104.22.168 or 3.4.4 or apply the related patch listed below.
This issue was found by Norman Hippert from The-Wildcat.de.
Assigned CVE ids: CVE-2011-3181
The following commits have been made to fix this issue:
The following commits have been made on the 3.3 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.