Michal Čihař - Check your phpMyAdmin installations

Check your phpMyAdmin installations

If you run some public phpMyAdmin installation, it's time to check for latest security updates. As it looks like these vulnerabilities are being widely exploited by some worm.

If you did not use phpMyAdmin setup script, or if you strictly followed documented way for generating config file, you are on safe side. However there seem to be enough people, who left writable config directory even after configuring phpMyAdmin and it allows growth of such worm.

PS: See also proof of concept for the exploit.

New Comment

Due to excessive spam, new comments are disabled. If you have some feedback on this post, please send me email or followup on Twitter or Facebook.