phpMyAdmin security vulnerability

SierraMyk

New Member
I have been reading articles about a vulnerability in phpMyAdmin versions prior to 4.7.7. Is there a planned update for phpMyAdmin, or are there actions we need to take ourselves to get the latest?
 

KH-Jonathan

Director of Managed Services
Staff member
This does not seem to affect cPanel, as cPanel uses token-based logins for PhpMyAdmin and it would be difficult for an attacker to craft a malicious link that works with cPanel's sessions. cPanel staff has confirmed this, and you can read more about this here:

--
https://forums.cpanel.net/threads/pmasa-2017-9-xsrf-csrf-vulnerability-in-phpmyadmin.618971/
--

In short, because PhpMyAdmin requires cPanel or WHM authentication before it will work, this vulnerability should not apply to you. However, cPanel plans to release PhpMyAdmin 4.7.7 in a future version update. Let me know if you have any other questions.
 

onliveserver

New Member
Hii,

it's need to update the latest phpmyadmin version, baecasue WHM/Cpanel community update to itself continuously, if customised software is not updated then it play security vulnerability, and sometimeit happened DDS attacked.
 
Top