Results 1 to 5 of 5

Thread: Alert: phpMyAdmin Vulnerability Discovered

  1. September 17th, 2008, 06:45 PM #1
    phernandez
    phernandez is offline
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246

    Alert: phpMyAdmin Vulnerability Discovered

    FYI MySQL devs/admins. Looks like phpMyAdmin 2.11.9.0 and 3.0.0 RC1 have a pretty serious vulnerability. Upgrade today!

    Serious vulnerability in phpMyAdmin [Update] - Heise Security

    The advisory released by the phpMyAdmin developers stated the problem was that parameters of sort_by were not escaped and an attacker, if they were already logged in, could manipulate this to call the PHP exec function and run arbitrary code. The vulnerability was discovered by Norman Hippert in 3.0.0 RC1 initially, and checking showed that previous versions were also affected.
    http://www.eITplanet.com | http://blog.eITplanet.com/green
    Reply With Quote Reply With Quote
  2. September 18th, 2008, 05:29 AM #2
    HTRegz
    HTRegz is offline
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Is this really that big of an issue? How many people have access to your phpMyAdmin installation? In my case, I'm the only one who has login credentials for any of my servers... and from the article.

    an attacker, if they were already logged in, could manipulate this to call the PHP exec function and run arbitrary code.
    An issue? Yes... A big issue? Not so much.
    Reply With Quote Reply With Quote
  3. September 19th, 2008, 12:44 AM #3
    t34b4g5
    t34b4g5 is offline
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Exclamation

    Quote Originally Posted by HTRegz
    An issue? Yes... A big issue? Not so much.
    Couldn't have said it better myself. Well the wording is better then what i was thinking of using.
    Reply With Quote Reply With Quote
  4. September 19th, 2008, 07:01 PM #4
    phernandez
    phernandez is offline
    Senior Member phernandez's Avatar
    Join Date
    Aug 2003
    Location
    NYC
    Posts
    246
    Why, you...
    http://www.eITplanet.com | http://blog.eITplanet.com/green
    Reply With Quote Reply With Quote
  6. September 24th, 2008, 05:21 AM #5
    Und3ertak3r
    Und3ertak3r is offline
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    Quote Originally Posted by HTRegz
    Is this really that big of an issue? How many people have access to your phpMyAdmin installation? In my case, I'm the only one who has login credentials for any of my servers... and from the article.



    An issue? Yes... A big issue? Not so much.
    Thanks HT for putting that into perspective


    (so the reality is it is a Quiet News week type of serious Issue.. )
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Browser Security Test
    By therenegade in forum Web Security
    Replies: 13
    Last Post: April 1st, 2005, 09:03 AM
  2. October MS updates
    By mohaughn in forum Microsoft Security Discussions
    Replies: 2
    Last Post: October 13th, 2004, 04:31 AM
  3. Securing Windows 2000 and IIS
    By spools.exe in forum Microsoft Security Discussions
    Replies: 0
    Last Post: September 15th, 2003, 09:47 PM
  4. NEWS: SANS Critical Vulnerability Report
    By xmaddness in forum Miscellaneous Security Discussions
    Replies: 0
    Last Post: January 28th, 2003, 09:12 PM
  5. IIS Vulnerability Alert
    By xmaddness in forum Microsoft Security Discussions
    Replies: 1
    Last Post: May 8th, 2002, 01:34 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules