phpMyAdminÎó²îÇ徲ͨ¸æ

Ðû²¼Ê±¼ä 2019-01-28

Îó²î±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6799£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑÏÖØ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6798£¬£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°Ïì¹æÄ£


ÊÜÓ°Ïì°æ±¾£º

CVE-2019-6799£º

phpMyAdmin 4.0µ½4.8.4

CVE-2019-6798£º

phpMyAdmin 4.5.0µ½4.8.4


Îó²î¸ÅÊö


phpMyAdminÊÇphpMyAdminÍŶӿª·¢µÄÒ»Ì×Ãâ·ÑµÄ¡¢»ùÓÚWebµÄMySQLÊý¾Ý¿âÖÎÀí¹¤¾ß¡£¡£¡£¸Ã¹¤¾ßÄܹ»½¨ÉèºÍɾ³ýÊý¾Ý¿â£¬£¬£¬£¬£¬£¬½¨É衢ɾ³ý¡¢ÐÞ¸ÄÊý¾Ý¿â±í£¬£¬£¬£¬£¬£¬Ö´ÐÐSQL¾ç±¾ÏÂÁîµÈ¡£¡£¡£


phpMyAdmin 4.8.4֮ǰ°æ±¾Öб£´æí§ÒâÎļþ¶ÁÈ¡Îó²îºÍDesigner½çÃæÖеÄSQL×¢ÈëÎó²î£¬£¬£¬£¬£¬£¬¸ÅÊöÈçÏ£º

CVE-2019-6799

´Ë¹¥»÷ÒªÇó phpMyAdmin½« AllowArbitraryServerÖ¸ÁîÉèÖÃΪ true À´ÔËÐУ¬£¬£¬£¬£¬£¬¶ø²»ÊÇĬÈÏÖµ¡£¡£¡£¹¥»÷Õß»¹±ØÐèͨ¹ýαװ³ÉMySQLЧÀÍÆ÷ÔËÐжñÒâЧÀÍÆ÷Àú³Ì¡£¡£¡£Ê¹ÓôËÎó²î¿ÉÒÔ¶ÁȡЧÀÍÆ÷ÉϵÄí§ÒâÎļþ¡£¡£¡£

CVE-2019-6798

´ËÎó²î¿ÉÒÔʹÓÃÌض¨µÄÓû§Ãûͨ¹ýÉè¼ÆÆ÷¹¦Ð§´¥·¢SQL×¢Èë¹¥»÷¡£¡£¡£


ÐÞ¸´½¨Òé


ÏÖÔÚ³§ÉÌÒÑÐû²¼Éý¼¶²¹¶¡ÒÔÐÞ¸´Îó²î£¬£¬£¬£¬£¬£¬Çë¸üÐÂÖÁphpMyAdmin 4.8.5. https://www.phpmyadmin.net/downloads/¡£¡£¡£


²Î¿¼Á´½Ó


https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/

https://www.phpmyadmin.net/security/PMASA-2019-1/

https://www.phpmyadmin.net/security/PMASA-2019-2/

https://www.phpmyadmin.net/downloads/