phpMyAdminÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-28

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6799£¬£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6798£¬£¬£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º

CVE-2019-6799£º

phpMyAdmin 4.0µ½4.8.4

CVE-2019-6798£º

phpMyAdmin 4.5.0µ½4.8.4


Îó²î¸ÅÊö


phpMyAdminÊÇphpMyAdminÍŶӿª·¢µÄÒ»Ì×Ãâ·ÑµÄ¡¢»ùÓÚWebµÄMySQLÊý¾Ý¿âÖÎÀí¹¤¾ß¡£¡£¡£¡£¡£¡£¸Ã¹¤¾ßÄܹ»½¨ÉèºÍɾ³ýÊý¾Ý¿â£¬£¬£¬£¬£¬£¬£¬£¬½¨É衢ɾ³ý¡¢ÐÞ¸ÄÊý¾Ý¿â±í£¬£¬£¬£¬£¬£¬£¬£¬Ö´ÐÐSQL¾ç±¾ÏÂÁîµÈ¡£¡£¡£¡£¡£¡£


phpMyAdmin 4.8.4֮ǰ°æ±¾Öб£´æí§ÒâÎļþ¶ÁÈ¡Îó²îºÍDesigner½çÃæÖеÄSQL×¢ÈëÎó²î£¬£¬£¬£¬£¬£¬£¬£¬¸ÅÊöÈçÏ£º

CVE-2019-6799

´Ë¹¥»÷ÒªÇó phpMyAdmin½« AllowArbitraryServerÖ¸ÁîÉèÖÃΪ true À´ÔËÐУ¬£¬£¬£¬£¬£¬£¬£¬¶ø²»ÊÇĬÈÏÖµ¡£¡£¡£¡£¡£¡£¹¥»÷Õß»¹±ØÐèͨ¹ýαװ³ÉMySQLЧÀÍÆ÷ÔËÐжñÒâЧÀÍÆ÷Àú³Ì¡£¡£¡£¡£¡£¡£Ê¹ÓôËÎó²î¿ÉÒÔ¶ÁȡЧÀÍÆ÷ÉϵÄí§ÒâÎļþ¡£¡£¡£¡£¡£¡£

CVE-2019-6798

´ËÎó²î¿ÉÒÔʹÓÃÌض¨µÄÓû§Ãûͨ¹ýÉè¼ÆÆ÷¹¦Ð§´¥·¢SQL×¢Èë¹¥»÷¡£¡£¡£¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬£¬£¬Çë¸üÐÂÖÁphpMyAdmin 4.8.5. https://www.phpmyadmin.net/downloads/¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/

https://www.phpmyadmin.net/security/PMASA-2019-1/

https://www.phpmyadmin.net/security/PMASA-2019-2/

https://www.phpmyadmin.net/downloads/