[Phpmyadmin-devel] PhpMysql

Marc Delisle marc at infomarc.info
Thu Jul 26 12:36:35 CEST 2012

Le 2012-07-26 04:18, Atirek Goyal a écrit :
> Hi,
> Here is some error My scanner find here is the Description à
> “The version of phpMyAdmin hosted on the remote server is 3.4.x prior
> to 3.4.8 and is affected by a cross‑site scripting vulnerability. The
> database name is not properly sanitized in the file 
> 'js/db_operations.js' when attempting to rename a database. Note that
> this version is reportedly affected by several other cross‑ site
> scripting vulnerabilities. However, Site Scanner has not tested for
> these vulnerabilities.”
> And they told me for the solution..
> “Either apply the vendor patches or upgrade to phpMyAdmin version 
> 3.4.8 or later.”

> è Here I am not able to update the version of phpMyAdmin currently I
> am using 3.4.5 version please suggest me how to “apply the vendor
> patches”.

applying the patches implies having write access to the directory where
phpMyAdmin is installed, so it would be easier to just update the version.
In other words, if you don't have access to update the version, you
don't have access to patch your current version either.

Marc Delisle

More information about the Developers mailing list