04 March 2008, 11:15

Update for phpMyAdmin

The developers of the widely used phpMyAdmin MySQL administration tool have released an updated version, 2.11.5, which closes an SQL injection vulnerability. Since phpMyAdmin uses the $_REQUEST variable array instead of $_GET or $_POST for reading the parameter list, it is possible on some servers for a user's cookies to become confused. This allows attackers to set their own cookies in visitors' browsers using a page on the same server. Apparently, another application can set an sql_query name for the root path via a cookie, thus overwriting the user's SQL query.

The developers classify this as a serious security problem. A patch is also available as an alternative to the update: this prevents cookies being contained in the $_REQUEST array. In addition to this vulnerability, the developers have also eliminated various other errors.

Channels

Services

Update for phpMyAdmin

Also on The H:

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit