phpMyAdmin Bringing MySQL to the web

PMASA-2011-4

Announcement-ID: PMASA-2011-4

Date: 2011-05-22

Summary

URL redirection to untrusted site.

Description

It was possible to redirect to an arbitrary, untrusted site, leading to a possible phishing attack.

Severity

We consider this vulnerability to be serious.

Affected Versions

The 3.4.0 version is affected.

Unaffected Versions

Older releases than 3.4.0 are not affected.

Solution

Upgrade to phpMyAdmin 3.4.1 or apply the related patch listed below.

References

This issue was found by Kian Mohageri.

Assigned CVE ids: CVE-2011-1941

CWE ids: CWE-661 CWE-601

Patches

The following commits have been made to fix this issue:

• b7a8179eb6bf0f1643970ac57a70b5b513a1cd4f
• ecfc8ba4f7b4ea612c58ab5726054ed0f28e200d

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.