A code injection vulnerability is reported to exist in phpMyAdmin installed by using the wizard.
config subdirectory is not removed after the phpMyAdmin installation, then hackers may create a
config.inc.php file by accessing
/scripts/setup.php and inject malicious code into the file to compromise the website.
- phpMyAdmin 2.11 <= 184.108.40.206
- phpMyAdmin 3.0 <= 220.127.116.11
Upgrade phpMyAdmin to the latest version from the official website.