Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
phpMyAdmin is a free software tool written in PHP and intended to handle the administration of MySQL over the Internet.
A vulnerability was discovered in the libraries/central_columns.lib.php source file that allows an SQL injection attack to run arbitrary commands as the control user via a crafted database name that is mishandled in a central column query.
Affected Versions:
phpMyAdmin 4.6.x before 4.6.3
phpMyAdmin 4.4.x versions before 4.4.15.7
Impact
Successful exploitation allows remote attackers to inject and execute arbitrary SQL code on a targeted server.
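The root cause described above, a database name used as a value in a SQL query, is shown here as an added example. It is not phpMyAdmin's code: it uses an in-memory SQLite table as a stand-in, and the schema, function names and sample rows are assumptions constructed for illustration. The first lookup builds the query by string concatenation; the second binds the name as a parameter.

```python
import sqlite3

def make_store():
    # Constructed stand-in for a central-columns table (simplified schema).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE central_columns (db_name TEXT, col_name TEXT)")
    conn.executemany(
        "INSERT INTO central_columns VALUES (?, ?)",
        [("shop", "order_id"), ("shop", "sku"),
         ("hr", "salary"), ("o'brien_db", "id")],
    )
    return conn

def columns_unsafe(conn, db_name):
    # Vulnerable pattern: the database name becomes part of the SQL text,
    # so a quote inside the name ends the string literal early.
    query = ("SELECT col_name FROM central_columns "
             "WHERE db_name = '" + db_name + "' ORDER BY col_name")
    return [row[0] for row in conn.execute(query)]

def columns_safe(conn, db_name):
    # Hardened pattern: the name is bound as data and never parsed as SQL.
    query = ("SELECT col_name FROM central_columns "
             "WHERE db_name = ? ORDER BY col_name")
    return [row[0] for row in conn.execute(query, (db_name,))]

# Constructed inputs: a name that rewrites the WHERE clause, and a
# legitimate name that merely contains a quote character.
CRAFTED_NAME = "shop' OR '1'='1"
QUOTED_NAME = "o'brien_db"

if __name__ == "__main__":
    conn = make_store()
    print("unsafe, crafted:", columns_unsafe(conn, CRAFTED_NAME))
    print("safe, crafted:  ", columns_safe(conn, CRAFTED_NAME))
    print("safe, quoted:   ", columns_safe(conn, QUOTED_NAME))
    try:
        columns_unsafe(conn, QUOTED_NAME)
    except sqlite3.OperationalError as exc:
        print("unsafe, quoted:  query broke:", exc)
```

With concatenation, the crafted name returns rows belonging to every database and the legitimately quoted name breaks the query; with parameter binding both are treated as plain names.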
Solution
Users are advised to upgrade to phpMyAdmin 4.6.3, 4.4.15.7 or the latest version.
Patch:
Following are links for downloading patches to fix the vulnerabilities: