Release date: 2008-03-01
Updated on: 2008-03-04
Affected Systems:
phpMyAdmin < 2.11.5
Unaffected Systems:
phpMyAdmin 2.11.5
Description:
Bugtraq ID: 28068
phpMyAdmin is a tool written in PHP, used to manage MySQL through the web.
phpMyAdmin reads its parameters from $_REQUEST instead of from the $_GET and $_POST variables, and uses those parameters in SQL queries without filtering them. If a user is tricked into visiting a malicious website, this may lead to SQL injection attacks.
phpMyAdmin: The vendor has released an upgrade patch that fixes this security problem. Download it from the vendor's homepage:
http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5-all-languages.tar.bz2?download
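
The pattern described above, shown as an added example that is not phpMyAdmin's code: a merged $_REQUEST-style array lets a value from an unexpected source replace the one the script meant to read, and the weak lookup sits beside a hardened one. It assumes a request_order that includes cookies (PHP's behaviour when request_order is unset) and the pdo_sqlite extension; the function names, table and sample values are hypothetical and constructed.

```php
<?php
// Added example, not phpMyAdmin code; all names and data are hypothetical.

// Emulates how PHP builds $_REQUEST: the sources are merged in request_order
// sequence and later ones overwrite earlier ones ("GPC" = GET, POST, COOKIE).
function merge_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $key) {
        $merged = array_replace($merged, $sources[$key] ?? []);
    }
    return $merged;
}

// Weak pattern: value taken from the merged array and concatenated into SQL.
function lookup_unsafe(PDO $db, array $request): array
{
    $sql = 'SELECT name FROM items WHERE id = ' . $request['id'];
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: one explicit source, integer validation, bound parameter.
function lookup_safe(PDO $db, array $get): array
{
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $db->prepare('SELECT name FROM items WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER, name TEXT)');
$db->exec("INSERT INTO items VALUES (1, 'alpha'), (2, 'beta')");

$get = ['id' => '1'];             // the value the script expects from the URL
$cookie = ['id' => '1 OR 1=1'];   // constructed: same-named value from another source
$request = merge_request($get, [], $cookie);

var_dump($request['id']);               // which source won the merge
print_r(lookup_unsafe($db, $request));  // rows returned by the concatenated query
print_r(lookup_safe($db, $get));        // rows returned by the bound query
```

Running it shows the merged `id` is not the one from the URL and that the concatenated query returns more rows than the bound one.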