Cross-Site Scripting, local and remote code execution vulnerabilities
Two days after the release of version 2.7.0, we received a security advisory from Stefan Esser (firstname.lastname@example.org) and we wish to thank him for his work. It is possible to overwrite the global import_blacklist variable to open phpMyAdmin 2.7.0 to those vulnerabilities.
We consider these vulnerabilities to be serious.
Only the unpatched 2.7.0 version.
Upgrade to phpMyAdmin 2.7.0-pl1 or newer.
Assigned CVE ids: CVE-2005-4079
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.