A code injection vulnerability is reported to exist in phpMyAdmin installed by using the wizard.
config subdirectory is not removed after the phpMyAdmin installation, then hackers may create a
config.inc.php file by accessing
/scripts/setup.php and inject malicious code into the file to compromise the website.
- phpMyAdmin 2.11 <= 22.214.171.124
- phpMyAdmin 3.0 <= 126.96.36.199
Upgrade phpMyAdmin to the latest version from the official website.