New bug in add-on tool fof MySQL

Users of the open-source MySQL database could be at risk from remote attacks from a bug in phpMyAdmin, the web-based MySQL...

This Article Covers


Users of the open-source MySQL database could be at risk from remote attacks from a bug in phpMyAdmin, the web-based MySQL administration tool.

The phpMyAdmin project warned of a bug in the way the tool's MIME-based transformation system handles "external" transformations.

Attackers could exploit the hole to execute arbitrary commands on a web server with the privileges of the server's user, the project said.

A patch fix is available on the phpMyAdmin site.

The vulnerability can only be exploited on systems where PHP's safe mode is turned off. Danish security firm Secunia said the flaw is serious, giving it a "highly critical" ranking.

The new flaw is the most serious to have been uncovered in phpMyAdmin to date; previous bugs, including some allowing configuration manipulation, code injection and cross site scripting, have been only moderately dangerous, according to security researchers.

PhpMyAdmin has become the de facto standard for controlling MySQL databases over a web-based interface, though it faces numerous competitors. Like MySQL it is distributed under an open-source licence.

MySQL has gained ground in the database market, particularly in small to medium-sized businesses, industry analysts say. Enterprises are also beginning to eye the product as an alternative to Oracle.

Matthew Broersma writes for Techworld



Enjoy the benefits of CW+ membership, learn more and join.

Read more on PC hardware



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...