phpMyAdmin Security und Bugfix Release 4.8.5

Die Entwickler des beliebten phpMyAdmin zur Verwaltung von MySQL / MariaDB Datenbanken, erhielt vor wenigen Tagen das Security udn Bugfix Update 4.8.5.

phpMyAadmin 4.8.5 Release Notes

The security fixes involve:

  • Arbitrary file read vulnerability (https://www.phpmyadmin.net/security/PMASA-2019-1)
  • SQL injection in the Designer interface (https://www.phpmyadmin.net/security/PMASA-2019-2)

The arbitrary file read vulnerability could also be exploited to delete arbitrary files on the server. This attack requires that phpMyAdmin be run with the $cfg[‘AllowArbitraryServer’] directive set to true, which is not the default. An attacker must run a malicious server process that will masquerade as a MySQL server. This exploit has been found and fixed recently in several other related projects and appears to be caused by a bug in PHP (https://bugs.php.net/bug.php?id=77496).

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

  • Export to SQL format not available
  • QR code not shown when adding two-factor authentication to a user account
  • Issue with adding a new user in MySQL 8.0.11 and newer
  • Frozen interface relating to Text_Plain_Sql plugin
  • Table level Operations tab was missing

Quelle: https://www.phpmyadmin.net/files/4.8.5/

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

Diese Website verwendet Akismet, um Spam zu reduzieren. Erfahre mehr darüber, wie deine Kommentardaten verarbeitet werden.