
phpMyAdmin security announcement PMASA-2006-5

Discussion in 'Databases' started by TruckTechniques, Oct 5, 2006.

  1. TruckTechniques
    I searched and have not seen this posted yet

    phpMyAdmin security announcement PMASA-2006-5

    http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2006-5

    Announcement-ID: PMASA-2006-5
    Date: 2006-10-01


    Summary:
    XSRF (Cross Site Request Forgery) vulnerabilities

    Description:
    We received a security advisory from Stefan Esser (sesser@hardened-php.net) and we wish to thank him for his work.

    It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link.

    Severity:
    We consider these vulnerabilities to be serious.

    Affected versions:
    At least versions since 2.8.2.x.

    Solution:
    Upgrade to phpMyAdmin 2.9.0.1 or newer.

    References:
    (will follow)


    For further information and in case of questions, please contact the phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
    TruckTechniques, Oct 5, 2006
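The advisory above describes a request-forgery path where an authenticated user's browser is made to load a link that executes SQL. The following is an added illustration, not code from phpMyAdmin or from the advisory: a hypothetical "run this SQL" handler in the shape the advisory describes, beside a hardened version that binds state-changing requests to a per-session token. The endpoint, the PDO handle and the `sql` / `csrf_token` parameter names are assumptions made for the example.

```php
<?php
// Added example, not phpMyAdmin's code: a hypothetical "run this SQL" endpoint
// in the shape the advisory describes, then a hardened version of it.
session_start();

// VULNERABLE: a GET from a logged-in browser runs the query. The browser sends
// the session cookie with any link the victim opens, so whoever wrote the link
// chooses the SQL and the victim's session authorises it.
function run_sql_vulnerable(PDO $db): void {
    if (empty($_SESSION['user'])) { http_response_code(403); return; }
    $db->query($_GET['sql']);   // state change on GET, no proof the user intended it
}

// HARDENED: state-changing actions need POST plus a per-session secret that a
// page on another origin can neither read (same-origin policy) nor guess.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit CSPRNG value
    }
    return $_SESSION['csrf_token'];
}

function csrf_check(): bool {
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $sent = $_POST['csrf_token'] ?? '';
    // hash_equals() runs in constant time, so response timing does not leak
    // how many leading bytes of a guessed token were correct.
    return is_string($sent) && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

function run_sql_hardened(PDO $db): void {
    if (empty($_SESSION['user'])) { http_response_code(403); return; }
    if (!csrf_check()) {
        error_log('Rejected SQL request without a valid CSRF token'); // detection hook
        http_response_code(403);
        return;
    }
    $db->query($_POST['sql']);
}

// The legitimate form embeds the token; only a request that started on this
// site (and so could read the token) passes csrf_check().
function render_form(): string {
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<form method="post"><input type="hidden" name="csrf_token" value="' . $t . '">'
         . '<textarea name="sql"></textarea><button type="submit">Go</button></form>';
}
```

Setting the session cookie's SameSite attribute and checking the Origin header add further layers, but they complement the token rather than replace it.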
  2. eXe
    Thanks for the heads up!
    eXe, Oct 5, 2006
  3. TruckTechniques
    No sweat, I handle security vulnerabilities here at work and this one showed up for some reason :D
    TruckTechniques, Oct 5, 2006
  4. hextraordinary
    Where did you get it from? Didn't show up yet on any of my lists.
    hextraordinary, Oct 5, 2006
  5. TruckTechniques
    It showed up here at work with our other security bulletins :D
    TruckTechniques, Oct 6, 2006
  6. hextraordinary
    What service are you using, if I may ask?
    hextraordinary, Oct 6, 2006
  7. TruckTechniques
    No idea. I work for EDS (Electronic Data Systems); there is a team of people dedicated to this effort. I am on an email distribution :D
    TruckTechniques, Oct 6, 2006
  8. Mystique
    Since several versions ago, phpMyAdmin sucks.

    They believe that their "cosmetic look" is cool, but its functionality gets worse every day, similar to Adsense with that "mania" of framing the results in a small window that requires extra (annoying) scrolling.

    And then they go spreading that you must not use frames when they do.

    But the fact is that I have my own phpMyAdmin installation, which is the last one before the gimmicks, and it does not cause any problem or security issue :rolleyes:
    Mystique, Oct 6, 2006