Author Topic: phpMyAdmin security update  (Read 4237 times)

0 Members and 1 Guest are viewing this topic.

Offline
**
phpMyAdmin security update
« on: December 13, 2018, 11:50:48 PM »
Should I update manually or will it be in a CWP update?

Offline
***
Re: phpMyAdmin security update
« Reply #1 on: December 14, 2018, 01:04:24 AM »
Well, I don't know what security question you are pointing, but security questions are important, and sometimes cannot wait.

I've never tried this before, but you can try this site:
https://blog.bullten.com/centos-web-panel/upgrading-phpmyadmin-in-new-version-of-cwp/

Don't forget to make backups *before*.

Regards,
Netino

Offline
**
Re: phpMyAdmin security update
« Reply #2 on: December 14, 2018, 03:12:46 PM »
https://www.phpmyadmin.net/news/

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes.

The security fixes involve:

Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/),
XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and
an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/)
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

Issue with changing theme
Ensure that database names with a dot ('.') are handled properly when DisableIS is true
Fix for message "Error while copying database (pma__column_info)"
Move operation causes "SELECT * FROM `undefined`" error
When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true
Multiple errors and regressions with Designer

To manually update download the package https://www.phpmyadmin.net/downloads/

Rename /usr/local/cwpsrv/var/services/pma/  to /usr/local/cwpsrv/var/services/pmaBAK/

Create a new pma folder ... 

Unzip it and upload to /usr/local/cwpsrv/var/services/pma/

Copy  config.inc.php from the pmaBAK to the new pma folder.

You will get a warning when you first open phpMyAdmin but it shows instructions on how to fix it. Go to any database and open the operations tab. Creates an index I believe.

Delete the pmaBAK folder after testing the new install.
« Last Edit: December 14, 2018, 03:30:24 PM by GTMAN »

Offline
**
Re: phpMyAdmin security update
« Reply #3 on: December 28, 2019, 12:45:04 AM »
Should I update manually or will it be in a CWP update?

Well, I don't know what security question you are pointing, but security questions are important, and sometimes cannot wait.

I've never tried this before, but you can try this site:
https://blog.bullten.com/centos-web-panel/upgrading-phpmyadmin-in-new-version-of-cwp/

Don't forget to make backups *before*.

Regards,
Netino

 :) Hi "GTMAN" and "Netino",

PROBLEM SOLVED

Update phpMyAdmin to the latest phpMyAdmin v4.9.2 for CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) !


Hi, i discovered a great website https://www.mysterydata.com/ with a great administrator where you can find many guides for CWP and more, also by registering for free on the forum i found the solution to this problem thanks to the courtesy and extreme availability of the administrator.

SOLUTION:

Forum topic with solution at MysteryData.com :

https://forum.mysterydata.com/topic/12/how-to-update-phpmyadmin-v4-7-9-outdated-version-to-the-latest-phpmyadmin-v4-9-2-for-cwp-and-cwp-pro-for-centos-7

Guide with solution at MysteryData.com :

https://www.mysterydata.com/how-to-update-phpmyadmin-latest-version-on-cwp-centos-webpanel/

Good day and good work to all !

NOTE:

At the moment with CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7 the autologin function ONLY WORK with the phpMyAdmin v4.7.9 outdated version released on 05 March, 2018.

With this update to phpMyAdmin v4.9.2 which was released on 22 November, 2019 and with  the update to phpMyAdmin v4.9.3 which was released on 26 Decemberr, 2019 at the moment the autologin function NOT WORK with CWP (Centos Web Panel) and CWP PRO (Centos Web Panel Pro) for Centos 7


Stay hungry, stay foolish.