[Phpmyadmin-devel] PhpMysql
Marc Delisle
marc at infomarc.info
Thu Jul 26 13:04:34 CEST 2012
Le 2012-07-26 06:43, Atirek Goyal a écrit :
> Hi Marc,
>
> I have access to update the version.. But my problem is I am using
> Xampp and its latest version have phpMyAdmin 3.4.5 And it may create
> problem to update the version of phpMyAdmin..
I don't see which problem it would create.
By the way, please stop this discussion right here. For further help,
contact XAMPP support.
>
> Suggest me the best way..
>
> Thanks, Ati
>
> -----Original Message----- From: Marc Delisle
> [mailto:marc at infomarc.info] Sent: Thursday, July 26, 2012 4:07 PM To:
> phpmyadmin-devel at lists.sourceforge.net Subject: Re:
> [Phpmyadmin-devel] PhpMysql
>
> Le 2012-07-26 04:18, Atirek Goyal a écrit :
>> Hi,
>>
>>
>>
>> Here is some error My scanner find here is the Description à
>>
>>
>>
>> “The version of phpMyAdmin hosted on the remote server is 3.4.x
>> prior to 3.4.8 and is affected by a cross‑site scripting
>> vulnerability. The database name is not properly sanitized in the
>> file 'js/db_operations.js' when attempting to rename a database.
>> Note that this version is reportedly affected by several other
>> cross‑ site scripting vulnerabilities. However, Site Scanner has
>> not tested for these vulnerabilities.”
>>
>>
>>
>> And they told me for the solution..
>>
>>
>>
>> “Either apply the vendor patches or upgrade to phpMyAdmin version
>> 3.4.8 or later.”
>
>> è Here I am not able to update the version of phpMyAdmin currently
>> I am using 3.4.5 version please suggest me how to “apply the
>> vendor patches”.
>
> Hi, applying the patches implies having write access to the directory
> where phpMyAdmin is installed, so it would be easier to just update
> the version. In other words, if you don't have access to update the
> version, you don't have access to patch your current version either.
>
--
Marc Delisle
http://infomarc.info
More information about the Developers
mailing list