phpMyAdmin 2.5.7 vulnerable to remote attacks

many of us use phpMyAdmin to help us manage our MySQL databases. If left open to public access, phpMyAdmin is open to a remote attack allowing the attacker to run arbitrary php code.

The best way to protect yourself is to simply password protect phpMyAdmin. On apache, this can usually be done with a .htaccess and .htpasswd file. Hit google for more information on password protecting parts of your website.


The official white paper on the bug is located here:


http://www.packetstormsecurity.org/0407-exploits/phpMyAdmin257.txt