Popular MySQL administration tool phpMyAdmin has received fixes for vulnerabilities that could allow attackers to inject and execute arbitrary code. Termed as security releases by the developers, the latest versions phpMyAdmin 18.104.22.168 and 22.214.171.124
phpMyAdmin versions prior to 126.96.36.199 and 188.8.131.52 are affected by these vulnerabilities. Secunia clarifies that branch 2.11.x of phpMyAdmin is not affected by the vulnerabilities. The developers recommend that all users using older phpMyAdmin versions immediately update to the new versions.
According to Secunia, the vulnerable phpMyAdmin functions include Swekey_login(),PMA_createTargetTables() and PMA_displayTableBody(). The firm also reported a setup script vulnerability that could allow arbitrary PHP code injection. More details about these vulnerabilities are available at the Secunia advisory.