phpMyAdmin is one of the most popular and widely used MySQL database management systems. its developers have released an updated version 4.8.4 of its software to patch several major vulnerabilities. These vulnerabilities eventually allow remote attackers to take control of the affected web servers.
The phpMyAdmin said about this update through its blog. phpMyAdmin release manager Isaac Bennetch told The Hacker News that “We are inspired by the workflow of other projects (such as Mediawiki and others) which often announce any security release in advance to allow package maintainers and hosting providers to prepare. We are experimenting to see if such a workflow is suitable for our project”.
This new version comes with the following bug fix.
- Local file inclusion
- XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations
- XSS vulnerability in the navigation tree
phpMyAdmin is an open source and free administration tool for managing MySQL databases using a simple graphical interface over the web-browser.
Almost every web hosting service pre-installs phpMyAdmin with their control panels to help webmasters easily manage their databases for websites, including WordPress, Joomla, and many other content management platforms.
Website administrators and hosting providers are highly recommended to install latest update or patches immediately.