
phpMyAdmin Upgrade: Security Flaw

Eric Pretorious

Regular Pleskian
  1. At the bottom of the phpMyAdmin homepage there's a warning:

    A newer version of phpMyAdmin is available and you should consider upgrading. The newest version is 4.0.0, released on 2013-05-03.
  2. In Volume 13, Number 19 of the @RISK: The Consensus Security Vulnerability Alert, SANS has issued an alert...

    ID: CVE-2013-3238
    Title: phpMyAdmin preg_replace() Input Validation Error Script Execution Vulnerability
    Vendor: phpMyAdmin
    Description: phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
    CVSS v2 Base Score: 6.0 (AV:N/AC:M/Au:S/C:p/I:p/A:p)
From the most recent rpt_cl_report_for_admin__:

Parallels Panel version psa v11.0.9_build110120608.16 os_CentOS 6

Has the Plesk community already been notified of this vulnerability? Has this vulnerability already been addressed? How/When will phpMyAdmin be upgraded?
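
An added example, not part of the original post and not Plesk or phpMyAdmin code: a check of a phpMyAdmin version string against the affected ranges given in the advisory quoted above (3.5.x before 3.5.8, 4.x before 4.0.0-rc3). The function names and the sample version strings are constructed for illustration.

```python
import re

# Affected ranges as stated in the quoted advisory for CVE-2013-3238:
#   3.5.x before 3.5.8, and 4.x before 4.0.0-rc3.
_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?(?:-?(alpha|beta|rc)(\d+))?$", re.I
)
_STAGE = {"alpha": 0, "beta": 1, "rc": 2}
_FINAL = (3, 0)  # a final release sorts after every pre-release of the same number


def parse_version(text):
    """Turn '3.5.7', '3.5.8.1' or '4.0.0-rc2' into a tuple that sorts correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised phpMyAdmin version: {text!r}")
    major, minor, patch, extra, stage, stage_no = m.groups()
    pre = (_STAGE[stage.lower()], int(stage_no)) if stage else _FINAL
    return (int(major), int(minor), int(patch), pre, int(extra or 0))


def is_affected(text):
    """True if the version falls inside a range the advisory names."""
    v = parse_version(text)
    if v[:2] == (3, 5):
        return v < parse_version("3.5.8")
    if v[0] == 4:
        return v < parse_version("4.0.0-rc3")
    # Outside the advisory's ranges; this says nothing about other issues.
    return False


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real server.
    for sample in ["3.5.7", "3.5.8", "3.5.8.1", "4.0.0-beta1",
                   "4.0.0-rc2", "4.0.0-rc3", "4.0.0"]:
        state = "AFFECTED" if is_affected(sample) else "not in advisory range"
        print(f"{sample:12} {state}")
```

Pre-release ordering is the part a plain numeric comparison gets wrong: 4.0.0-rc2 is inside the affected range, while 4.0.0-rc3 and the 4.0.0 final are not.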
 