phpMyAdmin Code execution vulnerability
September 15th, 2008
If you use phpMyAdmin you may not update as regularly as you should. It seems like every week they come out with an update. The thing about phpMyAdmin is they have updates because exploits are released, but when they update they add a bunch of features. These features, you may like or you may hate. Either way, your forced to update if you don’t want to be left exploited. Here is the “Fix list” for 2.11.9.1:
- bug #2031221 [auth] Links to version number on login screen
- bug #2032707 [core] PMA does not start if ini_set() is disabled
- bug #2004915 [bookmarks] Saved queries greater than 1000 chars
not displayed
- bug #2037381 [export] Export type “replace” does not work
- bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
- bug #2045512 [export] Numbers in Excel export
+ [lang] Norwegian UTF-8 original file remerged
- bug #2074250 [parser] Undefined variable seen_from
- (2.11.9.1) [security] Code execution vulnerability
Now, I’ve removed the colors and formatting. They haven’t added any features in this one, its just a bug fix release. They put the [security] fix on the bottom, which to me is more important then any of the other “bugs”. The bugs are not in order, so I’m wondering why they put security at the bottom. Anyhow, a code execution vulnerability is not good, so update before you get owned.
Entry Filed under: Vulnerabilities, Web Application Security
Trackback this post