edit-icon download-icon

[Vulnerability notice] Code injection vulnerability in phpMyAdmin

Last Updated: Nov 17, 2017

Description

A code injection vulnerability is reported to exist in phpMyAdmin installed by using the wizard.

If the config subdirectory is not removed after the phpMyAdmin installation, then hackers may create a config.inc.php file by accessing /scripts/setup.php and inject malicious code into the file to compromise the website.

Affected versions

  • phpMyAdmin 2.11 <= 2.11.9.5
  • phpMyAdmin 3.0 <= 3.1.3.1

Fix

Upgrade phpMyAdmin to the latest version from the official website.

Thank you! We've received your feedback.