
phpMyAdmin Releases Security Update 4.8.4, Patches XSRF and XSS Vulnerabilities

The security release patches vulnerabilities in the database management tool

Cyber attacks are becoming more common by the day. Every other company is being hit by cyber attacks. The more time you spend on the internet, the greater the chance that your personal data can be leaked online. Companies try their best to keep their security tools up to date in order to counter any such threat. The developers of phpMyAdmin have done just that by releasing an important update to their software.

The developers of phpMyAdmin have released version 4.8.4 of the software. The update patches several vulnerabilities in phpMyAdmin. The vulnerabilities were high risk, as any remote attacker would have been able to take control of affected phpMyAdmin servers. The popular MySQL database had been constantly under threat from remote attackers ever since the security announcement was made last week.

In a blog post last week, phpMyAdmin announced that a security update would be released on 11th December to address any possible remote attack. The security fixes have now been released today by phpMyAdmin. Some of the important fixes include the following:

  • Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/),
  • XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and
  • an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/)

Apart from these security updates, phpMyAdmin shipped other security fixes as well. These include:

  • The issue of changing the theme
  • Ensure database names with a dot
  • Multiple errors and regressions with designer
  • Fix for “Error while copying database”

phpMyAdmin said that the pre-release announcement of the 4.8.4 update was an experiment. The main reason for it was to give hosting providers and package managers an opportunity to prepare for the security release. The company also asked for feedback on the experiment so that it can be continued in the future.
