PMASA-2011-2
Announcement-ID: PMASA-2011-2
Date: 2011-02-11
Summary
An SQL query could be executed under another user's account.
Description
It was possible to create a bookmark which would be executed unintentionally by other users.
Severity
We consider this vulnerability to be critical.
Mitigation factor
To exploit this vulnerability, the phpMyAdmin configuration storage must be set up and enabled, and the bookmarks function must be enabled.
Affected Versions
The 2.11.x and 3.3.x versions are affected.
Solution
Upgrade to phpMyAdmin 3.3.9.2 or newer (2.11.11.3 or newer for the older family) or apply the related patch listed below.
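As an added triage example (not part of the phpMyAdmin advisory or the project's code), the Python below classifies an installed version against the affected and fixed releases stated above and checks a config.inc.php for the precondition named under the mitigation factor. It assumes the standard `$cfg['Servers'][$i]['pmadb']` and `$cfg['Servers'][$i]['bookmarktable']` settings; the function names and the sample config are constructed for illustration.

```python
import re

# Fixed release per affected family, from the advisory's Solution section.
FIXED = {(2, 11): (2, 11, 11, 3), (3, 3): (3, 3, 9, 2)}

# Matches an active (not //-commented) assignment of a non-empty string.
SETTING = r"^\s*\$cfg\['Servers'\]\[\$i\]\['{key}'\]\s*=\s*(['\"])(.+?)\1\s*;"


def version_status(version):
    """Return 'affected', 'fixed', or 'not-listed' for a dotted version string."""
    if not re.fullmatch(r"\d+(\.\d+)*", version.strip()):
        raise ValueError(f"not a plain dotted version: {version!r}")
    v = tuple(int(p) for p in version.strip().split("."))
    fixed = FIXED.get(v[:2])
    if fixed is None:
        return "not-listed"  # the advisory names only 2.11.x and 3.3.x
    padded = (v + (0, 0, 0, 0))[:4]  # 3.3.9 compares as 3.3.9.0
    return "affected" if padded < fixed else "fixed"


def bookmarks_enabled(config_text):
    """Heuristic: both the storage database and the bookmark table are set."""
    def is_set(key):
        return re.search(SETTING.format(key=key), config_text, re.M) is not None
    return is_set("pmadb") and is_set("bookmarktable")


def triage(version, config_text):
    status = version_status(version)
    if status != "affected":
        return status
    if bookmarks_enabled(config_text):
        return "affected, precondition met"
    return "affected, precondition not met"


# Constructed sample config, not taken from any real installation.
SAMPLE_CONFIG = """\
$cfg['Servers'][$i]['host'] = 'localhost';
$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
// $cfg['Servers'][$i]['relation'] = 'pma_relation';
$cfg['Servers'][$i]['bookmarktable'] = 'pma_bookmark';
"""

if __name__ == "__main__":
    for ver in ("3.3.9.1", "3.3.9.2", "2.11.11", "3.4.0"):
        print(ver, "->", triage(ver, SAMPLE_CONFIG))
```

The config check is line-based and does not understand `/* ... */` block comments or settings assembled at runtime.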
References
This issue was found by Michal Čihař.
Assigned CVE IDs: CVE-2011-0987
Patches
The following commits have been made to fix this issue:
The following commits have been made on the 2.11 branch to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.