phpMyAdmin Vulnerability Security Advisory

Published: 2019-01-28

Vulnerability IDs and Severity


CVE ID: CVE-2019-6799, severity: Critical, CVSS score: not officially rated

CVE ID: CVE-2019-6798, severity: High, CVSS score: not officially rated


Affected Scope


Affected versions:

CVE-2019-6799:

phpMyAdmin 4.0 to 4.8.4

CVE-2019-6798:

phpMyAdmin 4.5.0 to 4.8.4


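Vulnerability Overview


phpMyAdmin is a free, web-based MySQL database administration tool developed by the phpMyAdmin team. It can create and drop databases; create, drop, and modify database tables; execute SQL scripts and commands; and so on.


phpMyAdmin versions before 4.8.4 contain an arbitrary file read vulnerability and an SQL injection vulnerability in the Designer interface, summarized as follows:

CVE-2019-6799

This attack requires phpMyAdmin to be running with the AllowArbitraryServer directive set to true, which is not the default value. The attacker must also run a malicious server process that masquerades as a MySQL server. Exploiting this vulnerability allows arbitrary files on the server to be read.

CVE-2019-6798

This vulnerability allows an SQL injection attack to be triggered through the Designer feature by using a specially crafted username.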


Remediation


The vendor has released an update that fixes these vulnerabilities. Update to phpMyAdmin 4.8.5: https://www.phpmyadmin.net/downloads/
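
An added example, not part of the original advisory or of phpMyAdmin: a small Python audit that maps an installed version and the text of a config.inc.php file to the two CVEs, using the affected ranges and the AllowArbitraryServer precondition stated above. The function names and the sample config are constructed for illustration, and the check assumes the usual $cfg['AllowArbitraryServer'] assignment syntax.

```python
import re

# Affected ranges as stated in this advisory (inclusive on both ends).
AFFECTED = {
    "CVE-2019-6799": ((4, 0, 0), (4, 8, 4)),
    "CVE-2019-6798": ((4, 5, 0), (4, 8, 4)),
}

def parse_version(text):
    """Turn '4.8.4' or '4.0' into a comparable (major, minor, patch) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g or 0) for g in m.groups())

def arbitrary_server_enabled(config_text):
    """True if the last uncommented assignment sets AllowArbitraryServer to true."""
    # Drop /* */ blocks and whole-line // or # comments so disabled lines are ignored.
    stripped = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)
    stripped = re.sub(r"(?m)^\s*(//|#).*$", "", stripped)
    values = re.findall(
        r"\$cfg\[\s*['\"]AllowArbitraryServer['\"]\s*\]\s*=\s*(\w+)\s*;", stripped)
    return bool(values) and values[-1].lower() in ("true", "1")

def assess(version_text, config_text):
    """Return {cve: status} for one installation (hypothetical helper)."""
    version = parse_version(version_text)
    result = {}
    for cve, (low, high) in AFFECTED.items():
        if not (low <= version <= high):
            result[cve] = "not affected"
        elif cve == "CVE-2019-6799" and not arbitrary_server_enabled(config_text):
            # Version is in range, but the precondition from the advisory is absent.
            result[cve] = "vulnerable version, precondition not met"
        else:
            result[cve] = "exposed"
    return result

# Constructed sample config, for illustration only.
SAMPLE_CONFIG = """<?php
// $cfg['AllowArbitraryServer'] = false;
$cfg['Servers'][1]['host'] = 'localhost';
$cfg['AllowArbitraryServer'] = true;
"""

if __name__ == "__main__":
    for cve, status in assess("4.8.4", SAMPLE_CONFIG).items():
        print(cve, status)
```

A "precondition not met" result still means the installation should be updated to 4.8.5, since the setting can be changed later.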


References


https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/

https://www.phpmyadmin.net/security/PMASA-2019-1/

https://www.phpmyadmin.net/security/PMASA-2019-2/

https://www.phpmyadmin.net/downloads/