phpMyAdmin SQL注入漏洞(CVE-2016-5703)
发布日期:2016-06-22
更新日期:2016-06-24
受影响系统:
phpMyAdmin phpMyAdmin 4.4.x
描述:
CVE(CAN) ID: CVE-2016-5703
phpmyadmin是MySQL数据库的在线管理工具。
phpmyadmin 4.6.x、4.4.x版本存在SQL注入漏洞,攻击者利用此漏洞可以root权限运行任意命令。
<*来源:"geeknik" Carpenter
*>
建议:
厂商补丁:
phpMyAdmin
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://www.phpmyadmin.net/security/PMASA-2016-19/
https://www.phpmyadmin.net/security/PMASA-2016-20/
https://www.phpmyadmin.net/security/PMASA-2016-21/
https://www.phpmyadmin.net/security/PMASA-2016-22/
https://www.phpmyadmin.net/security/PMASA-2016-23/
https://www.phpmyadmin.net/security/PMASA-2016-24/
https://www.phpmyadmin.net/security/PMASA-2016-25/
https://www.phpmyadmin.net/security/PMASA-2016-26/
https://www.phpmyadmin.net/security/PMASA-2016-27/
https://www.phpmyadmin.net/security/PMASA-2016-28/
phpMyAdmin 的详细介绍:请点这里
phpMyAdmin 的下载地址:请点这里