The Community Forums

SOLVED PMASA-2017-9 - XSRF/CSRF vulnerability in phpMyAdmin

Discussion in 'Security' started by ciao70, Jan 2, 2018.

  1. ciao70

    ciao70 Active Member

    Hi,

    Critical Vulnerability in phpMyAdmin 4.7.x

    Security - PMASA-2017-9

    cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click


    Is cPanel vulnerable?

    Current 11.68.0.23

    Fixed case CPANEL-17364: Update cpanel-phpmyadmin to 4.7.3-4.cp1166. (Vulnerable?)

    Thanks
     
  2. quizknows

    quizknows Well-Known Member

    Pretty scary URL for an XSRF bug :/
     
  3. cPanelMichael

    cPanelMichael Technical Support Community Manager
    Staff Member

    Hello,

    The instance of phpMyAdmin we provide isn't vulnerable to CSRF/XSRF attacks like the one in this vulnerability because we use security tokens:

    Security Tokens

    That said, internal case CPANEL-17713 is open to update phpMyAdmin to version 4.7.7. I'll monitor the case and update this thread with more information on the status of its implementation as it becomes available.

    Thank you.
     
    quizknows likes this.
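
How a per-session security token in the URL path stops a cross-site request that carries only the victim's cookie, as an added example that is not part of the original thread and is not cPanel's code. The token format, the `SessionStore` class and the `/dbadmin/action` path are assumptions made for illustration.

```python
import hmac
import re
import secrets

# Assumed token shape: a per-session random value carried in the URL path,
# e.g. /cpsess0123456789/... (format assumed for illustration).
TOKEN_PATH = re.compile(r"^/(cpsess\d{10})(/.*)$")


class SessionStore:
    """Maps a session cookie value to the security token issued at login."""

    def __init__(self):
        self._tokens = {}

    def login(self):
        """Create a session and return (cookie value, URL security token)."""
        session_id = secrets.token_hex(16)
        digits = "".join(secrets.choice("0123456789") for _ in range(10))
        token = "cpsess" + digits
        self._tokens[session_id] = token
        return session_id, token

    def check(self, session_id, path):
        """Return (allowed, detail) for a request with this cookie and path."""
        expected = self._tokens.get(session_id)
        if expected is None:
            return False, "no session"
        match = TOKEN_PATH.match(path)
        if match is None:
            # A cross-site page cannot read the token, so its URL lacks one.
            return False, "token missing"
        if not hmac.compare_digest(match.group(1), expected):
            return False, "token mismatch"
        # Token verified: hand the remaining path to the application.
        return True, match.group(2)


if __name__ == "__main__":
    store = SessionStore()
    cookie, token = store.login()
    # Constructed requests: the browser sends the cookie in both cases.
    print(store.check(cookie, f"/{token}/dbadmin/action"))  # same-site link
    print(store.check(cookie, "/dbadmin/action"))           # forged, no token
```
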
  4. cPanelMichael

    Hello,

    To update, phpMyAdmin version 4.7.7 is included with cPanel version 70:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     
  5. cPanelMichael

    Hello,

    phpMyAdmin version 4.7.7 is now published to cPanel version 68.0.29:

    Fixed case CPANEL-15496: Update cpanel-phpmyadmin to 4.7.7-1.cp1166.

    Thank you.
     