phpMyAdmin SQL注入漏洞(CVE-2016-5703)

phpMyAdmin SQL注入漏洞(CVE-2016-5703)


发布日期:2016-06-22
更新日期:2016-06-24

受影响系统:

phpMyAdmin phpMyAdmin 4.6.x
phpMyAdmin phpMyAdmin 4.4.x

描述:


CVE(CAN) ID: CVE-2016-5703

phpmyadmin是MySQL数据库的在线管理工具。

phpmyadmin 4.6.x、4.4.x版本存在SQL注入漏洞,攻击者利用此漏洞可以root权限运行任意命令。

<*来源:"geeknik" Carpenter
  *>

建议:


厂商补丁:

phpMyAdmin
----------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://www.phpmyadmin.net/security/PMASA-2016-19/
  https://www.phpmyadmin.net/security/PMASA-2016-20/
  https://www.phpmyadmin.net/security/PMASA-2016-21/
  https://www.phpmyadmin.net/security/PMASA-2016-22/
  https://www.phpmyadmin.net/security/PMASA-2016-23/
  https://www.phpmyadmin.net/security/PMASA-2016-24/
  https://www.phpmyadmin.net/security/PMASA-2016-25/
  https://www.phpmyadmin.net/security/PMASA-2016-26/
  https://www.phpmyadmin.net/security/PMASA-2016-27/
  https://www.phpmyadmin.net/security/PMASA-2016-28/

phpMyAdmin 的详细介绍:请点这里
phpMyAdmin 的下载地址:请点这里

相关推荐