SOLVED PMASA-2017-9 - XSRF/CSRF vulnerability in phpMyAdmin

ciao70

Hi,

Critical Vulnerability in phpMyAdmin 4.7.x

Security - PMASA-2017-9

cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click


Is cPanel vulnerable?

Current 11.68.0.23

Fixed case CPANEL-17364: Update cpanel-phpmyadmin to 4.7.3-4.cp1166. (Vulnerable?)

Thanks
 

cPanelMichael

Administrator
Staff member
Hello,

The instance of phpMyAdmin we provide isn't vulnerable to CSRF/XSRF attacks like the one in this vulnerability because we use security tokens:

Security Tokens

That said, internal case CPANEL-17713 is open to update phpMyAdmin to version 4.7.7. I'll monitor the case and update this thread with more information on the status of its implementation as it becomes available.

Thank you.
 

cPanelMichael

Hello,

To update, phpMyAdmin version 4.7.7 is included with cPanel version 70:

Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

Thank you.
 

cPanelMichael

Hello,

phpMyAdmin version 4.7.7 is now published to cPanel version 68.0.29:

Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

Thank you.