FutureQuest has discovered a number of recent security exploits to phpMyAdmin installations. Recent security bulletins (http://www.phpmyadmin.net/home_page/security/) from the Authors of phpMyAdmin indicate that various vulnerabilities affect all versions of phpMyAdmin prior to 3.2.2.1.

The current version of phpMyAdmin is 3.3.7 (http://www.phpmyadmin.net/home_page/) and we encourage all site owners that have installed phpMyAdmin to ensure they have the most current version installed. Note that recent versions of phpMyAdmin require MySQL5 and if you have not upgraded a package to MySQL5 yet you would need to request an upgrade (http://www.aota.net/forums/showthread.php?postid=154793#post154793) prior to installing the upgrade for phpMyAdmin.

Additionally it is Strongly Recommended that all phpMyAdmin installations be password protected as regardless of the Authentication Method utilized almost all exploited phpMyAdmin installations require access that simple password protection (http://Service.FutureQuest.net/kb19) would have prevented.

***Regardless of the Authorization Method chosen when installing phpMyAdmin it is Highly Recommended to password protect the installation directory.***

The FutureQuest Team