The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

phpMyAdmin Security Advisory

Discussion in 'Security' started by cPanelBilly, Dec 14, 2004.

  1. cPanelBilly

    cPanelBilly Guest

    The current version of phpMyAdmin that cPanel is using is known to have a security advisory. The patch is still in RC and as soon as a non RC version is put out we will test and update.

    While the vulnerability is present in the version we are using, it will not effect any cPanel server. When phpMyAdmin is ran from cPanel it is ran as the user calling it. The remote code execution will then run as a non privlaged user and cannot effect any files other than what is owned by said user. Thus any attempts to execute any code would only allow them to execute code they own and could already execute via other means.

    Ref: http://securityfocus.com/archive/1/384199/2004-12-10/2004-12-16/0
     
  2. mr.wonderful

    mr.wonderful BANNED

    Joined:
    Feb 1, 2004
    Messages:
    345
    Likes Received:
    0
    Trophy Points:
    0
    Great, in your update, try to fix the issues with users being able to create databases from phpmyadmin. There are many users who are having this issue and after repeated posts in this forum, including your tt system, you guys are just dragging your wheels on a fix for this. This is also a security issue.
     
    #2 mr.wonderful, Dec 14, 2004
    Last edited: Dec 14, 2004
  3. Hantai

    Hantai Member

    Joined:
    Feb 9, 2004
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    London, UK
    (err scratch that, must be tired, that ended up in the wrong thread, sorry)
     
    #3 Hantai, Feb 10, 2005
    Last edited: Feb 10, 2005
Loading...

Share This Page