A critical security vulnerability has been reported in phpMyAdmin, one of the most widely used applications for managing MySQL databases, which could allow remote attackers to perform dangerous database operations just by tricking administrators into clicking a link.
Discovered by Indian security researcher Ashutosh Barot, the vulnerability is a cross-site request forgery (CSRF) flaw and affects phpMyAdmin versions 4.7.x prior to 4.7.7.
Cross-site request forgery, also known as XSRF, is an attack in which an attacker tricks an authenticated user into executing an unwanted action.
According to an advisory released by phpMyAdmin, “by deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.”
phpMyAdmin is a free and open source administration tool for MySQL and MariaDB and is widely used to manage the databases of websites built with WordPress, Joomla, and many other content management platforms.
Moreover, many hosting providers use phpMyAdmin to offer their customers a convenient way to manage their databases.
Barot has also released a video demonstrating how a remote attacker can make a database admin unknowingly delete (DROP) an entire table from the database just by tricking them into clicking a specially crafted link.
“A feature of phpMyAdmin was using GET requests for database operations such as DROP TABLE table_name; GET requests must be protected against CSRF attacks,” Barot explains in a blog post.
However, carrying out this attack is not as simple as it may sound. To prepare a CSRF attack URL, the attacker needs to know the name of the targeted database and table.
“If a user executes a query on the database by clicking insert, DROP, etc. buttons, the URL will contain database name and table name,” Barot says. “This vulnerability can result in the disclosure of sensitive information as the URL is stored at various places such as browser history, SIEM logs, Firewall Logs, ISP Logs, etc.”
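To make the two points above concrete, here is an added example (not phpMyAdmin's code, and not from Barot's post): a constructed, framework-free request handler that executes state-changing SQL from GET parameters, next to a hardened version that accepts such operations only over POST with a per-session CSRF token. It also shows why a GET URL carrying the database and table names ends up in browser history and proxy or SIEM logs while a POST body does not. The hostname, paths, parameter names and sample queries are all constructed for the demonstration.

```python
"""Added example: CSRF-via-GET pattern beside its hardened form, and the
URL-disclosure side effect.  Not phpMyAdmin code; the Request/Session model
is a constructed stand-in for a web framework."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit, parse_qs

# SQL verbs that change state; a request carrying one of these needs CSRF protection.
STATE_CHANGING = {"DROP", "DELETE", "TRUNCATE", "ALTER", "INSERT", "UPDATE", "CREATE"}


@dataclass
class Request:
    method: str
    url: str                                   # what browser history or a proxy log records
    form: dict = field(default_factory=dict)   # POST body fields, never part of the URL


@dataclass
class Session:
    user: str
    # Per-session secret the server embeds in its own forms; a third-party page cannot read it.
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(32))


def is_state_changing(sql: str) -> bool:
    """True if the first SQL keyword is one that modifies data or schema."""
    words = sql.strip().split(None, 1)
    return bool(words) and words[0].upper() in STATE_CHANGING


def query_param(url: str, name: str) -> str:
    """Return one query-string parameter (parse_qs decodes '+' to a space)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def vulnerable_handler(req: Request, session: Session) -> tuple:
    """Pre-fix pattern described in the article: an authenticated GET carrying a
    sql_query parameter is executed.  The browser attaches the victim's session
    cookie to any link or image the victim loads, so a crafted URL on someone
    else's page is enough to trigger the operation."""
    sql = query_param(req.url, "sql_query")
    return ("executed", sql) if sql else ("ignored", "")


def hardened_handler(req: Request, session: Session) -> tuple:
    """Mitigation: state-changing SQL is accepted only over POST, and the POST
    body must carry the session's CSRF token.  Keeping token and SQL in the
    body also keeps them out of URL-based logs.  Read-only GETs are not
    modelled here and are simply ignored."""
    if is_state_changing(query_param(req.url, "sql_query")):
        return ("rejected", "state-changing SQL must not be sent via GET")
    if req.method != "POST":
        return ("ignored", "")
    token = req.form.get("token", "")
    # compare_digest avoids leaking the token through timing differences.
    if not hmac.compare_digest(token, session.csrf_token):
        return ("rejected", "missing or invalid CSRF token")
    return ("executed", req.form.get("sql_query", ""))


def proxy_log_line(req: Request) -> str:
    """What an intermediary (browser history, proxy, firewall, SIEM) typically
    records: method and full URL, but not the POST body."""
    return f"{req.method} {req.url}"


if __name__ == "__main__":
    session = Session(user="dba")
    # Constructed crafted link: database and table names are visible in the URL itself.
    link = Request("GET", "https://pma.example.test/sql.php?db=shop&table=orders"
                          "&sql_query=DROP+TABLE+orders")
    print(vulnerable_handler(link, session))   # ('executed', 'DROP TABLE orders')
    print(hardened_handler(link, session))     # ('rejected', 'state-changing SQL must not be sent via GET')
    print(proxy_log_line(link))                # db, table and query all land in the log

    # Legitimate submission from the application's own form, token in the body.
    post = Request("POST", "https://pma.example.test/sql.php",
                   form={"sql_query": "DROP TABLE orders", "token": session.csrf_token})
    print(hardened_handler(post, session))     # ('executed', 'DROP TABLE orders')
    print(proxy_log_line(post))                # only the path is recorded
```

The hardened handler rejects a forged POST as well: a form auto-submitted from another origin can carry the victim's cookie but cannot include the per-session token, so the `compare_digest` check fails. That is the property the GET-based design lacked.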
Barot reported the vulnerability to the phpMyAdmin developers, who confirmed his finding and released phpMyAdmin 4.7.7 to address the issue. Administrators are strongly advised to update their installations as soon as possible.