Announcement-ID: PMASA-2005-6
Date: 2005-11-15
HTTP Response Splitting vulnerability
Some scripts in phpMyAdmin are vulnerable to an HTTP Response Splitting attack.
We consider these vulnerabilities to be serious. However, they can only be triggered on systems running with <tt>register_globals = on</tt>.
We did not make an extensive verification on this. Probably all previous versions, and version 2.7.0-beta1 are affected.
Upgrade to phpMyAdmin 2.6.4-pl4.
Assigned CVE ids: CVE-2005-3621
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.