Server-squashing zero-day published for phpMyAdmin tool

    Date20 Sep 2019
    Posted ByBrittany Day
    Shutterstock 182187896 Compressor

    Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages. Learn more:

    The bug makes it possible for an attacker to delete a server by hijacking a user’s account in phpMyAdmin, a 21-year-old open-source tool used to manage MySQL and MariaDB databases.

    The flaw is a classic cross-site request forgery (CSRF). It’s a long-used attack in which an attacker can force a logged-in user’s browser to perform malicious actions such as changing their account details. A browser request includes any details associated with the site, such as the user’s session cookie, making it difficult to distinguish between the real request and a forged one.

    The bug report on the Full Disclosure mailing says that an attack would have to target phpMyAdmin’s setup page. The CVE listing for the bug gives it a medium severity rating.

    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the LinuxSecurity Privacy news articles?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    [{"id":"90","title":"Love them!","votes":"29","type":"x","order":"1","pct":90.63,"resources":[]},{"id":"91","title":"I'm indifferent","votes":"2","type":"x","order":"2","pct":6.25,"resources":[]},{"id":"92","title":"Not interested in this topic","votes":"1","type":"x","order":"3","pct":3.13,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.