PhpMyAdmin $ _ REQUEST parameter SQL Injection Vulnerability Found. read The phpMyAdmin $ _ REQUEST parameter to find the SQL Injection Vulnerability. Release Date: 2008-03-01 Updated: 2008-03-04 affected system: phpMyAdminphpMyAdmin2.11.5 not affected system: phpMyAdminphpMyAd
Release date: 2008-03-01
Updated on: 2008-03-04
Affected systems:
PhpMyAdmin <2.11.5
Unaffected system:
PhpMyAdmin 2.11.5
Description:
Bugtraq id: 28068
PhpMyAdmin is a PHP tool used to manage MySQL through the WEB.
PhpMyAdmin uses $ _ REQUEST instead of $ _ GET and $ _ POST variables as the parameter source, and uses parameters in SQL queries without filtering. if a user is cheated to access a malicious website, this may cause SQL injection attacks.
PhpMyAdmin: the vendor has released an upgrade patch to fix this security problem. Please download it from the vendor's homepage:
Http://prdownloads.sourceforge.net/phpmyadmin/phpMyAdmin-2.11.5-all-languages.tar.bz2? Download