PMASA-2011-4

Announcement-ID: PMASA-2011-4

Date: 2011-05-22

Summary

URL redirection to untrusted site.

Description

It was possible to redirect to an arbitrary, untrusted site, leading to a possible phishing attack.

Severity

We consider this vulnerability to be serious.

Affected Versions

The 3.4.0 version is affected.

Unaffected Versions

Older releases than 3.4.0 are not affected.

Solution

Upgrade to phpMyAdmin 3.4.1 or apply the related patch listed below.

References

This issue was found by Kian Mohageri.

Assigned CVE ids: CVE-2011-1941

CWE ids: CWE-661 CWE-601

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements