Critical Security Hole in PHPMyAdmin
A critical security hole has been discovered in PHPMyAdmin, a popular program for managing MySQL databases. The vulnerability allows an attacker to defeat the program's security scheme by overwriting key system files, which in turn enables remote file inclusion and cross-site scripting attacks. The PHPMyAdmin project has released an update that fixes the issue, which can be downloaded here. Details of the security hole and its implications are outlined in an advisory from the Hardened PHP Project, which discovered the issue during a code audit.
PHPMyAdmin is installed on many shared hosting systems to help customers manage databases for PHP applications. As a result, the security hole may be attractive to hackers, as the program's location on a system can be easily learned, and PHPMyAdmin provides access to a wide variety of web applications based on MySQL databases, including blogs, forums and content management systems.
The potential impact of the limited by the fact that it only affects version 2.7.0, which was released last week. Users who upgraded to 2.7.0 promptly are vulnerable, while systems running older versions of the software are not affected.
Digg
Slashdot
Reddit
StumbleUpon
Delicious
Technorati| Rackspace Managed Hosting - Web Hosting - Hosting | Swishmail.com Business Email Hosting | Dedicated Servers - Apollo Hosting |
| INetU Managed Hosting - Dedicated Servers | DataPipe - Personal Touch, Global Reach | Website Hosting - Website Source - Ecommerce, VPS |
| Reseller hosting Managed dedicated server Ahosting | Web Hosting and Reseller Hosting By HostDepartment | Web Hosting UK - VPS Hosting Dedicated Server |
| Web Site Hosting - Network Solutions | Simplicato Email Hosting | |
Advertising on Netcraft