SOLVED PMASA-2017-9 - XSRF/CSRF vulnerability in phpMyAdmin

ciao70

Well-Known Member
Nov 3, 2006
62
8
158
Hi,

Critical Vulnerability in phpMyAdmin 4.7.x

Security - PMASA-2017-9

cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click


Cpanel is vulnerable?

Current 11.68.0.23

Fixed case CPANEL-17364: Update cpanel-phpmyadmin to 4.7.3-4.cp1166. (Vulnerable?)

Thanks
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

The instance of phpMyAdmin we provide isn't vulnerable to CSRF/XSRF attacks like the one in this vulnerability because we use security tokens:

Security Tokens

That said, internal case CPANEL-17713 is open to update phpMyAdmin to version 4.7.7. I'll monitor the case and update this thread with more information on the status of it's implementation as it becomes available.

Thank you.
 
  • Like
Reactions: quizknows

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

To update, phpMyAdmin version 4.7.7 is included with cPanel version 70:

Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

Thank you.
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,911
2,234
363
Hello,

phpMyAdmin version 4.7.7 is now published to cPanel version 68.0.29:

Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

Thank you.