edit-icon download-icon

[Vulnerability notice] Code injection vulnerability in phpMyAdmin

Last Updated: Nov 17, 2017


A code injection vulnerability is reported to exist in phpMyAdmin installed by using the wizard.

If the config subdirectory is not removed after the phpMyAdmin installation, then hackers may create a config.inc.php file by accessing /scripts/setup.php and inject malicious code into the file to compromise the website.

Affected versions

  • phpMyAdmin 2.11 <=
  • phpMyAdmin 3.0 <=


Upgrade phpMyAdmin to the latest version from the official website.

Thank you! We've received your feedback.