Bringing MySQL to the web


Announcement-ID: PMASA-2011-5

Date: 2011-07-02

Updated: 2011-07-03


Possible session manipulation in Swekey authentication.


It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks.


We consider this vulnerability to be critical.

Affected Versions

The 3.4.3 and earlier versions are affected.

Unaffected Versions

Branch 2.11.x is not affected by this.


Upgrade to phpMyAdmin or or apply the related patch listed below.


This issue was found by Frans Pehrson from Xxor AB. His advisory.

Assigned CVE ids: CVE-2011-2505

CWE ids: CWE-473 CWE-661


The following commits have been made to fix this issue:

The following commits have been made on the 3.3 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is