Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Secunia.com:
phpMyAdmin Cross-Site Scripting Vulnerabilities
Apr 24, 2007 @ 16:48:00

The Zend Developer Zone has pointed out a new cross-site scripting vulnerability just released with the popular phpMyAdmin database management package.

According to Secunia's release on the issue:

Input passed to the "fieldkey" parameter in browse_foreigners.php and input passed to the "PMA_sanitize()" function is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

This problem is in all versions prior to 2.10.1, so users should update immediately to keep themselves and their data safe.

tagged: phpmyadmin crosssitescripting vulnerability sanitize update phpmyadmin crosssitescripting vulnerability sanitize update

Link: