OpenCSW Bug Tracker

ID: 0004857
Category: [phpmyadmin] upgrade
Severity: major
Reproducibility: always
Date Submitted: 2011-11-07 21:34
Last Update: 2011-11-09 09:09
Reporter: bwalton
View Status: public
Assigned To: bonivart
Priority: high
Resolution: fixed
Status: closed
Summary: 0004857: Exploit in the wild for phpmyadmin

Description:

Hi Peter,

There is an in-the-wild exploit for phpmyadmin right now:

Time for an upgrade (and likely a notice on users@/announce@?)

Additional Information:

From our local security team:

"GET /phpmyadmin/index.php?session_to_unset=" followed by a few
variables/values, and quite a bit of encoded attack code.

That should tell you if you were attacked (but not if the attacks were
successful). The attack will likely drop a backdoor on your system. Look for
a subsequent successful connection to the backdoor to determine if you've been

Notes
bonivart (developer)
2011-11-08 09:17

Luckily I had 3.4.5 sitting in experimental so I just uploaded it to unstable.
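
The log check described under Additional Information, as an added example (not code from the reporter, the security team or OpenCSW): it flags the quoted request shape in a web access log and lists later successful requests from the same client for manual review. The combined log format, the `/phpmyadmin/` install path, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed combined/common log format:
# ip ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_probe(method, target):
    """True for the request shape quoted in the report:
    GET .../phpmyadmin/index.php?session_to_unset=..."""
    parts = urlsplit(target)
    query = parse_qs(parts.query, keep_blank_values=True)
    return (method == "GET"
            and parts.path.lower().endswith("/phpmyadmin/index.php")
            and "session_to_unset" in query)

def triage(lines):
    """Return (probes, followups). A probe only shows an attempt, not success.
    followups are later 2xx requests from a probing client to any other
    request: candidates for manual review, not proof of a backdoor."""
    probes, followups, seen = [], [], set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        ip, when, method, target, status = m.groups()
        if is_probe(method, target):
            probes.append((ip, when, status))
            seen.add(ip)
        elif ip in seen and status.startswith("2"):
            followups.append((ip, when, urlsplit(target).path))
    return probes, followups

# Constructed sample log lines (documentation IP ranges, hypothetical paths).
SAMPLE = [
    '198.51.100.7 - - [07/Nov/2011:20:01:11 +0000] "GET /phpmyadmin/index.php?session_to_unset=123&x=y HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.9 - - [07/Nov/2011:20:01:30 +0000] "GET /phpmyadmin/index.php HTTP/1.1" 200 4100 "-" "-"',
    '198.51.100.7 - - [07/Nov/2011:20:02:05 +0000] "POST /uploads/example.php HTTP/1.1" 200 17 "-" "-"',
    '198.51.100.7 - - [07/Nov/2011:20:02:40 +0000] "GET /missing HTTP/1.1" 404 210 "-" "-"',
]

if __name__ == "__main__":
    probes, followups = triage(SAMPLE)
    for p in probes:
        print("probe ", *p)
    for f in followups:
        print("review", *f)
```

If phpMyAdmin is served under a different alias, adjust the path suffix in `is_probe` to match the local install.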
