Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SOLVED PMASA-2017-9 - XSRF/CSRF vulnerability in phpMyAdmin

Discussion in 'Security' started by ciao70, Jan 2, 2018.

Tags:
  1. ciao70

    ciao70 Active Member

    Joined:
    Nov 3, 2006
    Messages:
    31
    Likes Received:
    0
    Trophy Points:
    158
    Hi,

    Critical Vulnerability in phpMyAdmin 4.7.x

    Security - PMASA-2017-9

    cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click


    Cpanel is vulnerable?

    Current 11.68.0.23

    Fixed case CPANEL-17364: Update cpanel-phpmyadmin to 4.7.3-4.cp1166. (Vulnerable?)

    Thanks
     
  2. quizknows

    quizknows Well-Known Member

    Joined:
    Oct 20, 2009
    Messages:
    1,010
    Likes Received:
    87
    Trophy Points:
    78
    cPanel Access Level:
    DataCenter Provider
    Pretty scary URL for an XSRF bug :/
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    The instance of phpMyAdmin we provide isn't vulnerable to CSRF/XSRF attacks like the one in this vulnerability because we use security tokens:

    Security Tokens

    That said, internal case CPANEL-17713 is open to update phpMyAdmin to version 4.7.7. I'll monitor the case and update this thread with more information on the status of it's implementation as it becomes available.

    Thank you.
     
    quizknows likes this.
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    To update, phpMyAdmin version 4.7.7 is included with cPanel version 70:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     
  5. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    42,734
    Likes Received:
    1,706
    Trophy Points:
    363
    cPanel Access Level:
    Root Administrator
    Hello,

    phpMyAdmin version 4.7.7 is now published to cPanel version 68.0.29:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     
Loading...

Share This Page