Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SOLVED PMASA-2017-9 - XSRF/CSRF vulnerability in phpMyAdmin

Discussion in 'Security' started by ciao70, Jan 2, 2018.

Tags:
  1. ciao70

    ciao70 Active Member

    Joined:
    Nov 3, 2006
    Messages:
    33
    Likes Received:
    0
    Trophy Points:
    158
    Hi,

    Critical Vulnerability in phpMyAdmin 4.7.x

    Security - PMASA-2017-9

    cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click


    Cpanel is vulnerable?

    Current 11.68.0.23

    Fixed case CPANEL-17364: Update cpanel-phpmyadmin to 4.7.3-4.cp1166. (Vulnerable?)

    Thanks
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Pretty scary URL for an XSRF bug :/
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,344
    Likes Received:
    1,852
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The instance of phpMyAdmin we provide isn't vulnerable to CSRF/XSRF attacks like the one in this vulnerability because we use security tokens:

    Security Tokens

    That said, internal case CPANEL-17713 is open to update phpMyAdmin to version 4.7.7. I'll monitor the case and update this thread with more information on the status of it's implementation as it becomes available.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
    quizknows likes this.
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,344
    Likes Received:
    1,852
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, phpMyAdmin version 4.7.7 is included with cPanel version 70:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    44,344
    Likes Received:
    1,852
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    phpMyAdmin version 4.7.7 is now published to cPanel version 68.0.29:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice