phpMyAdminÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-28

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6799£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6798£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º

CVE-2019-6799£º

phpMyAdmin 4.0µ½4.8.4

CVE-2019-6798£º

phpMyAdmin 4.5.0µ½4.8.4


Îó²î¸ÅÊö


phpMyAdminÊÇphpMyAdminÍŶӿª·¢µÄÒ»Ì×Ãâ·ÑµÄ¡¢»ùÓÚWebµÄMySQLÊý¾Ý¿âÖÎÀí¹¤¾ß¡£¸Ã¹¤¾ßÄܹ»½¨ÉèºÍɾ³ýÊý¾Ý¿â£¬½¨É衢ɾ³ý¡¢ÐÞ¸ÄÊý¾Ý¿â±í£¬Ö´ÐÐSQL¾ç±¾ÏÂÁîµÈ¡£


phpMyAdmin 4.8.4֮ǰ°æ±¾Öб£´æí§ÒâÎļþ¶ÁÈ¡Îó²îºÍDesigner½çÃæÖеÄSQL×¢ÈëÎó²î£¬¸ÅÊöÈçÏ£º

CVE-2019-6799

´Ë¹¥»÷ÒªÇó phpMyAdmin½« AllowArbitraryServerÖ¸ÁîÉèÖÃΪ true À´ÔËÐУ¬¶ø²»ÊÇĬÈÏÖµ¡£¹¥»÷Õß»¹±ØÐèͨ¹ýαװ³ÉMySQL·þÎñÆ÷ÔËÐжñÒâ·þÎñÆ÷Àú³Ì¡£Ê¹ÓôËÎó²î¿ÉÒÔ¶ÁÈ¡·þÎñÆ÷ÉϵÄí§ÒâÎļþ¡£

CVE-2019-6798

´ËÎó²î¿ÉÒÔʹÓÃÌض¨µÄÓû§Ãûͨ¹ýÉè¼ÆÆ÷¹¦Ð§´¥·¢SQL×¢Èë¹¥»÷¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬Çë¸üÐÂÖÁphpMyAdmin 4.8.5. https://www.phpmyadmin.net/downloads/¡£


²Î¿¼Á´½Ó


https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/

https://www.phpmyadmin.net/security/PMASA-2019-1/

https://www.phpmyadmin.net/security/PMASA-2019-2/

https://www.phpmyadmin.net/downloads/