New bug in add-on tool fof MySQL


New bug in add-on tool fof MySQL

Users of the open-source MySQL database could be at risk from remote attacks from a bug in phpMyAdmin, the web-based MySQL administration tool.

The phpMyAdmin project warned of a bug in the way the tool's MIME-based transformation system handles "external" transformations.

Attackers could exploit the hole to execute arbitrary commands on a web server with the privileges of the server's user, the project said.

A patch fix is available on the phpMyAdmin site.

The vulnerability can only be exploited on systems where PHP's safe mode is turned off. Danish security firm Secunia said the flaw is serious, giving it a "highly critical" ranking.

The new flaw is the most serious to have been uncovered in phpMyAdmin to date; previous bugs, including some allowing configuration manipulation, code injection and cross site scripting, have been only moderately dangerous, according to security researchers.

PhpMyAdmin has become the de facto standard for controlling MySQL databases over a web-based interface, though it faces numerous competitors. Like MySQL it is distributed under an open-source licence.

MySQL has gained ground in the database market, particularly in small to medium-sized businesses, industry analysts say. Enterprises are also beginning to eye the product as an alternative to Oracle.

Matthew Broersma writes for Techworld

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy