
phpMyAdmin Upgrade: Security Flaw

Eric Pretorious

Regular Pleskian
  1. At the bottom of the phpMyAdmin homepage there's a warning:

    A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is 4.0.0, released on 2013-05-03.
  2. In Volume 13, Number 19 of the @RISK: The Consensus Security Vulnerability Alert, SANS has issued an alert...

    ID: CVE-2013-3238
    Title: phpMyAdmin preg_replace() Input Validation Error Script Execution Vulnerability
    Vendor: phpMyAdmin
    Description: phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
    CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:p/I:p/A:p)
From the most recent rpt_cl_report_for_admin__:

Parallels Panel version psa v11.0.9_build110120608.16 os_CentOS 6

Has the Plesk community already been notified of this vulnerability? Has this vulnerability already been addressed? How/When will phpMyAdmin be upgraded?
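
Added example, not part of the original post and not Plesk or phpMyAdmin code: a check of a phpMyAdmin version string against the affected ranges stated in the CVE-2013-3238 description quoted above. The function names and the sample version strings are constructed for illustration; the version installed on any given server has to be read from that server.

```python
import re

# Pre-release tags sort below the final release of the same number.
_PRE_RANK = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = (3, 0)


def parse_version(text):
    """Turn '4.0.0-rc2' or '3.5.8.1' into a tuple that sorts in release order."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-?(alpha|beta|rc)(\d*))?",
                     text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))          # pad so 3.5.8 == 3.5.8.0
    if m.group(2):
        pre = (_PRE_RANK[m.group(2)], int(m.group(3) or 0))
    else:
        pre = _FINAL
    return tuple(nums[:4]), pre


def affected_by_cve_2013_3238(version):
    """True if version is in '3.5.x before 3.5.8' or '4.x before 4.0.0-rc3'."""
    v = parse_version(version)
    major, minor = v[0][0], v[0][1]
    if (major, minor) == (3, 5):
        return v < parse_version("3.5.8")
    if major == 4:
        return v < parse_version("4.0.0-rc3")
    # Outside the ranges the advisory names; this says nothing about other issues.
    return False


def report(versions):
    """Map each version string to its affected/not-affected result."""
    return {v: affected_by_cve_2013_3238(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real server.
    for ver, hit in report(["3.5.7", "3.5.8", "4.0.0-rc2", "4.0.0"]).items():
        print(f"{ver:12} {'AFFECTED' if hit else 'not in affected range'}")
```
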
 