Shutterstock 182187896 Compressor

Are you a phpMyAdmin user? A researcher has just published a zero-day security bug in one of the web’s most popular database administration software packages. Learn more:

The bug makes it possible for an attacker to delete a server by hijacking a user’s account inphpMyAdmin, a 21-year-old open-source tool used to manage MySQL and MariaDB databases.

The flaw is a classic cross-site request forgery (CSRF). It’s a long-used attack in which an attacker can force a logged-in user’s browser to perform malicious actions such as changing their account details. A browser request includes any details associated with the site, such as the user’s session cookie, making it difficult to distinguish between the real request and a forged one.

Thebug reporton the Full Disclosure mailing says that an attack would have to target phpMyAdmin’s setup page. TheCVE listing for the buggives it a medium severity rating.

The link for this article located at Naked Security is no longer available.