phpMyAdmin is prone to a remote PHP code-injection vulnerability and to a cross-site scripting vulnerability. An attacker can exploit this issue to inject and execute arbitrary malicious PHP code in the context of the webserver process. This may facilitate a compromise of the application and the underlying system other attacks are also possible. Versions prior to phpMyAdmin 2.11.9.5 and 3.1.3.1 are vulnerable.

Vendor updates are available. Please see http://www.phpmyadmin.net for more Information.

• http://www.securityfocus.com/bid/34236
• http://www.securityfocus.com/bid/34251

---

Updated on 2015-03-25