Possible session manipulation in Swekey authentication.
It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This could open a path for other attacks.
We consider this vulnerability to be critical.
The 3.4.3 and earlier versions are affected.
Branch 2.11.x is not affected by this.
Upgrade to phpMyAdmin 18.104.22.168 or 22.214.171.124 or apply the related patch listed below.
This issue was found by Frans Pehrson from Xxor AB. His advisory.
Assigned CVE ids: CVE-2011-2505
The following commits have been made to fix this issue:
The following commits have been made on the 3.3 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.