phpMyAdmin 2.5.7 vulnerable to remote attacks

Many of us use phpMyAdmin to help us manage our MySQL databases. If left open to public access, phpMyAdmin is open to a remote attack that allows the attacker to run arbitrary PHP code.

The best way to protect yourself is to simply password-protect phpMyAdmin. On Apache, this can usually be done with a .htaccess and a .htpasswd file. Hit Google for more information on password-protecting parts of your website.
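One way to set this up on Apache, as an added example that is not part of the original post; the directory path, the password file location and the user name `dbadmin` are assumptions to adjust for your server:

```apache
# File: /var/www/html/phpmyadmin/.htaccess   (assumed install path)
#
# Require a valid login for every request into the phpMyAdmin directory.
AuthType Basic
AuthName "phpMyAdmin"
# Keep the password file OUTSIDE the document root so it can never be
# downloaded through the web server. (Assumed location.)
AuthUserFile /etc/apache2/.htpasswd-phpmyadmin
Require valid-user

# --- Prerequisites, done outside this file ---------------------------
#
# 1. Create the password file with Apache's htpasswd tool
#    (-c creates the file; leave -c off when adding further users,
#    otherwise the existing file is overwritten):
#
#      htpasswd -c /etc/apache2/.htpasswd-phpmyadmin dbadmin
#
# 2. Apache ignores the Auth* directives in .htaccess unless the main
#    server configuration allows them for this directory. With
#    "AllowOverride None" the file is silently skipped and phpMyAdmin
#    stays open. In the server or virtual host config:
#
#      <Directory /var/www/html/phpmyadmin>
#          AllowOverride AuthConfig
#      </Directory>
#
# 3. Basic authentication sends the password base64-encoded, not
#    encrypted, so serve this directory over HTTPS.
#
# --- Check ------------------------------------------------------------
#
# After reloading Apache, a request to the phpMyAdmin URL without
# credentials must return "401 Unauthorized". If the page still loads,
# the .htaccess file is not being read (see step 2).
```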


The official white paper on the bug is located here:


http://www.packetstormsecurity.org/0407-exploits/phpMyAdmin257.txt

351 thoughts on “phpMyAdmin 2.5.7 vulnerable to remote attacks”

  1. phpMyAdmin 2.5.7 vulnerable to remote attacks
    Thanks for letting us know about this, Noah!

    I think I’m OK though, since not only am I too lazy to have updated to 2.5.7, but I also already use .htaccess to protect phpMyAdmin.

    – Doug
