
Lorelle on WP: Vulnerability in phpMyAdmin Requires Immediate Patch

A critical CSRF vulnerability has been found in the phpMyAdmin database administration tool, and a patch is available for all computers and servers running the MySQL database.

Does this include you?

If you are using WordPress, yes it does.

Contact your web host to ensure phpMyAdmin is updated immediately.

If you are self-hosted and manage your own server, update phpMyAdmin immediately.

If you are using WordPress or phpMyAdmin and MySQL on your computer through WAMP, MAMP, XAMPP, Instant WordPress, DesktopServer, BitNami or any of the other ways you can install WordPress on your computer or a stick (USB), update phpMyAdmin by using the patch or check the install technique’s site for updates.

The flaw affects phpMyAdmin versions 4.7.x prior to 4.7.7. Hopefully, your server/web host company has been updating phpMyAdmin all along and you don’t need to worry, but even though this is a medium security vulnerability, it is your responsibility as a site owner and administrator to ensure that your site is safe. Don’t just rely on GoDaddy, Dreamhost, or whatever hosting service you use to take care of these things for you. Sometimes they are on top of these before an announcement is made public. Other times, they are clueless and require customer intervention and nagging.

Now, what is phpMyAdmin?

MySQL is an open source database program, and phpMyAdmin is the free, open source tool that makes the administration and use of MySQL easier to manage. It is not a database. It is a database manager. You can easily search and replace data in the database, make changes, and do other maintenance and utility tasks in the database.

Every installation of WordPress requires PHP and MySQL along with a variety of other web-based programming packages and software. Most installations by web hosts and portable versions of WordPress add phpMyAdmin to manage the WordPress site. It is not required for WordPress to work, but don’t assume that it is or isn’t installed. CHECK.

To find out if phpMyAdmin is installed on your site:

  1. Check with your web host and ask. Don’t expect their customer service staff to know for sure. Make them check your account and verify whether or not it is installed, and if they’ve updated. Push them for a specific answer.
  2. Check the site admin interface (cPanel, Plesk, etc.) to see if it is installed.
  3. Log into your site through secure FTP into the root (if you have access) and look for the installation at /usr/share/phpmyadmin or localhost/phpmyadmin. Unfortunately, it could be anywhere depending upon the installation as these are virtual folders, not folders found on your computer, so it must be assigned to a location.
  4. If running a portable installation of MySQL and/or WordPress, follow the instructions for that tool and download and install all patches to ensure phpMyAdmin is updated to the latest secure version.
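
Once you have shell access and a candidate install path, a short script can read the installed version and compare it with the affected range given above (4.7.x prior to 4.7.7). This is an added example, not part of the original post; the function names are hypothetical, and it assumes the standard phpMyAdmin release layout, where the directory holds a `RELEASE-DATE-<version>` file and a README with a `Version x.y.z` line.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes the phpMyAdmin release
# layout: a RELEASE-DATE-<version> file and a "Version x.y.z" line in README.

# Print the version found in DIR; return 1 if DIR does not look like phpMyAdmin.
pma_version() {
    pv_dir=$1
    for pv_f in "$pv_dir"/RELEASE-DATE-*; do
        [ -e "$pv_f" ] || continue          # glob matched nothing
        printf '%s\n' "${pv_f##*/RELEASE-DATE-}"
        return 0
    done
    if [ -r "$pv_dir/README" ]; then
        pv_v=$(sed -n 's/^Version \([0-9][0-9.]*\).*/\1/p' "$pv_dir/README" | head -n 1)
        if [ -n "$pv_v" ]; then
            printf '%s\n' "$pv_v"
            return 0
        fi
    fi
    return 1
}

# Succeed only for the range the post names: 4.7.x prior to 4.7.7.
pma_is_affected() {
    IFS=. read -r ia_major ia_minor ia_patch ia_rest <<EOF
$1
EOF
    ia_patch=${ia_patch%%[!0-9]*}           # drop suffixes such as "-rc1"
    [ "$ia_major" = 4 ] && [ "$ia_minor" = 7 ] && [ "${ia_patch:-0}" -lt 7 ]
}

# Report one directory. Exit status: 0 not affected, 1 affected, 2 not found.
pma_check() {
    pc_ver=$(pma_version "$1") || { echo "not-found $1"; return 2; }
    if pma_is_affected "$pc_ver"; then
        echo "AFFECTED $pc_ver $1"
        return 1
    fi
    echo "ok $pc_ver $1"
}

# Check every directory given on the command line, e.g. /usr/share/phpmyadmin.
for pma_dir in "$@"; do
    pma_check "$pma_dir" || true
done
```

A `not-found` result only means that path is not a phpMyAdmin directory; as noted above, the install can live elsewhere, so confirm the location with your host or control panel.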



Source: WordPress
