"The phpMyAdmin developers have released versions 220.127.116.11 and 18.104.22.168
of their database administration tool; these are security updates that
fix a total of four security holes. Rated as "highly critical" by
Secunia, the vulnerabilities include a session manipulation bug in
Swekey authentication that could be exploited to overwrite session
variables, a possible code injection hole in the setup script and a
regular expression quoting problem in Synchronize code.
According to the developers, the above vulnerabilities could lead to the
injection and execution of arbitrary code. Versions 3.4.3 and and
earlier are reportedly affected – the 2.11.x branch is not affected. A
directory traversal vulnerability related to the filtering of a file
path in the MIME-type transformation code which affects all previous
versions has also been closed. All users are advised to update to the
latest versions. Alternatively, users can apply the provided patches."