A security update has been released for the phpMyAdmin database administration tool. The new versions are 2.11.9.6 and 3.2.2.1. According to the developers' advisory, the previous versions contain two programming flaws that potentially can be exploited for cross-site scripting (XSS) attacks and the injection of arbitrary SQL commands. The XSS vulnerability allows attackers to embed arbitrary JavaScript code into a victim's phpMyAdmin pages via specially crafted table names when a manipulated link is clicked. The SQL injection vulnerability is caused by a flaw in the processing of PDF export parameters that can usually only be triggered by authenticated users. The developers consider the vulnerabilities a threat and advise users to update.

details comment (0)

I had already negotiated with my friends and we group up to develop an open source ERP/MRP system which is simplicity and flexibility. After hide almost 6 years, I think I should do something instead of thinking out those of bad memories. Martin, let's rock and cheer up.

details comment (0)

CKEditor had already launch today.

details comment (0)

Total : 15 records - Each page has 3 records - Current page is 1 - Next

 

My Favorite

---

> PHP.net

> jQuery

> iPhone Development Center

About Rex

---

Virgo, Hong Kong Web Developer, Focus the latest technology on Web and Application Development.

Latest 5 Articals

---

> New versions of phpMyAdmin close security holes (0)

> Open Source ERP (0)

> CKEditor 3.0 (0)

> Why Are User Interfaces Programmed so Poorly? (0)

> Using (ab) ApacheBench to test Web Server Performance (0)

Ad

---

> Martin Kou's Homepage

> Ka Yue's Homepage

---

 Subscribe in a reader