This is going to be a “phpMyAdmin code execution vulnerability” blog. No, seriously, I’ve been really busy, working on new projects, the whole blabla story.
But I’ve recently found two LFIs, one RCE and some XSS in phpMyAdmin’s latest versions, 3.4.0 – 3.4.3.1.
Because they did not include the link to my advisories, I’ll make them available here. Enjoy:
- http://fd.the-wildcat.de/pma_e36a5a6e5c.php – phpMyAdmin RCE and LFI and XSS
- http://fd.the-wildcat.de/pma_e36a587a73.php – phpMyAdmin LFI
- http://fd.the-wildcat.de/pma_e36a2af427.php – phpMyAdmin – XSS
- And, as always, thanks to Marc Delisle for the prompt reaction
- PMASA-2011-9
- PMASA-2011-10
- PMASA-2011-11
Need help securing your (web) applications? Write an e-mail to wildcat at the-wildcat dot de.

July 27th, 2011 16:22
Since there is at least one critical unknown bug in every non-trivial software and since open source means you can actually have a look into the code, there is no secure open source software, nor is there any other software that is…
…not even wordpress
July 27th, 2011 16:30
Especially not wordpress
I’ve never expected phpMyAdmin to be secure, nor any other software, open source or not.
That’s why I’m looking into open source software, to help make it a bit more secure.