phpMyAdmin·ì϶°²È«¹«¸æ

°ä²¼¹¦·ò 2019-01-28

·ì϶±àºÅºÍ¼¶±ð


CVE±àºÅ£ºCVE-2019-6799£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£ºÑϳÁ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨

CVE±àºÅ£ºCVE-2019-6798£¬£¬£¬£¬£¬Î£ÏÕ¼¶±ð£º¸ßΣ£¬£¬£¬£¬£¬CVSS·ÖÖµ£º¹Ù·½Î´ÆÀ¶¨


Ó°ÏìÁìÓò


ÊÜÓ°Ïì°æ±¾£º

CVE-2019-6799£º

phpMyAdmin 4.0µ½4.8.4

CVE-2019-6798£º

phpMyAdmin 4.5.0µ½4.8.4


·ì϶¸ÅÊö


phpMyAdminÊÇphpMyAdminÍŶӿª·¢µÄÒ»Ì×Ãâ·ÑµÄ¡¢»ùÓÚWebµÄMySQLÊý¾Ý¿âÖÎÀí¹¤¾ß¡£¡£¡£¡£¡£¡£¸Ã¹¤¾ß¿ÉÄÜ´´½¨ºÍɾ³ýÊý¾Ý¿â£¬£¬£¬£¬£¬´´½¨¡¢É¾³ý¡¢Åú¸ÄÊý¾Ý¿â±í£¬£¬£¬£¬£¬Ö´ÐÐSQL¾ç±¾ºÅÁîµÈ¡£¡£¡£¡£¡£¡£


phpMyAdmin 4.8.4֮ǰ°æ±¾ÖдæÔÚËÁÒâÎļþ¶ÁÈ¡·ì϶ºÍDesigner½çÃæÖеÄSQL×¢Èë·ì϶£¬£¬£¬£¬£¬¸ÅÊöÈçÏ£º

CVE-2019-6799

´Ë¹¥»÷ÒªÇó phpMyAdmin½« AllowArbitraryServerÖ¸ÁîÉèÖÃΪ true À´ÔËÐУ¬£¬£¬£¬£¬¶ø²»ÊÇĬÈÏÖµ¡£¡£¡£¡£¡£¡£¹¥»÷Õß»¹±ØÐëͨ¹ý¼Ù×°³ÉMySQL·þÎñÆ÷ÔËÐжñÒâ·þÎñÆ÷¹ý³Ì¡£¡£¡£¡£¡£¡£ÀûÓô˷ì϶Äܹ»¶ÁÈ¡·þÎñÆ÷ÉϵÄËÁÒâÎļþ¡£¡£¡£¡£¡£¡£

CVE-2019-6798

´Ë·ì϶Äܹ»Ê¹ÓÃÌض¨µÄÓû§Ãûͨ¹ýÉè¼ÆÆ÷Ö°ÄÜ´¥·¢SQL×¢Èë¹¥»÷¡£¡£¡£¡£¡£¡£


½¨¸´½¨Òé


Ä¿Ç°³§ÉÌÒÑ°ä²¼Éý¼¶²¹¶¡ÒÔ½¨¸´·ì϶£¬£¬£¬£¬£¬Çë¸üÐÂÖÁphpMyAdmin 4.8.5. https://www.phpmyadmin.net/downloads/¡£¡£¡£¡£¡£¡£


²Î¿¼Á´½Ó


https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/

https://www.phpmyadmin.net/security/PMASA-2019-1/

https://www.phpmyadmin.net/security/PMASA-2019-2/

https://www.phpmyadmin.net/downloads/