####### phpMyAdmin 3.x Conditional Session Manipulation #######

###############[ Advisory from ]###############
###############[ www.Xxor.se ]###############

Application: phpMyAdmin 3.x
Patched ver: 3.3.10.3 and 3.4.3.2
Severity:    Low
Exploitable: Remote
PMASA ID:    PMASA-2011-12

###############[ Description ]###############

If the Swekey extension is activated, a remote attacker can manipulate the
variables in the global namespace.

###############[ Fix ]###############

Upgrade to version 3.3.10.3 or 3.4.3.2, or apply the patches available at:
http://www.phpmyadmin.net/home_page/security/

###############[ Timeline ]###############

2011-07-07 - Reported to vendor
2011-07-23 - Patch available
2011-07-24 - Disclosed

###############

Need to secure a PHP application? Get expert help. Let Xxor AB audit your code.
http://www.xxor.se/services/php-code-audit.php

###############