phpMyAdmin security vulnerability

Discussion in 'Security' started by SierraMyk, Jan 8, 2018.

  1. SierraMyk

    SierraMyk New Member

    I have been reading articles about a vulnerability in phpMyAdmin versions prior to 4.7.7. Is there a planned update for phpMyAdmin, or are there actions we need to take ourselves to get the latest?
     
  2. KH-Jonathan

    KH-Jonathan Director of Managed Services Staff Member

    This does not seem to affect cPanel, as cPanel uses token-based logins for PhpMyAdmin and it would be difficult for an attacker to craft a malicious link that works with cPanel's sessions. cPanel staff has confirmed this, and you can read more about this here:

    --
    https://forums.cpanel.net/threads/pmasa-2017-9-xsrf-csrf-vulnerability-in-phpmyadmin.618971/
    --

    In short, because PhpMyAdmin requires cPanel or WHM authentication before it will work, this vulnerability should not apply to you. However, cPanel plans to release PhpMyAdmin 4.7.7 in a future version update. Let me know if you have any other questions.
     
  3. onliveserver

    onliveserver New Member

    Hii,

    it's need to update the latest phpmyadmin version, baecasue WHM/Cpanel community update to itself continuously, if customised software is not updated then it play security vulnerability, and sometimeit happened DDS attacked.
     
  4. floristsaigon

    floristsaigon New Member

    I also need update new version.
     
  5. phpAddict

    phpAddict Active Member

Share This Page