p2pnet.net News:- MySQL database users could be open to remote attacks because of a phpMyAdmin bug, says the project, announcing the release of phpMyAdmin-2.6.0-pl2.

"This is patch level 2 of phpMyAdmin 2.6.0, containing a security fix and a few other fixes," it says.

If PHP isn’t running in safe mode, a problem in the MIME-based transformation system (with an ‘external’ transformation) allows the execution of any command "with the privileges of the web server’s user," says lem9.

phpMyAdmin is a tool written in PHP to handle the MySQL admin online.

"Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 47 languages," say the developers.

===================

See:-

remote attacks – phpMyAdmin-2.6.0-pl2 is released, Frankfurt, Germany, October 12, 2004

This entry was posted on Thursday, October 14th, 2004 at 3:48 pm and is filed under Uncategorized. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

HOME

Viewed 2002 times