Upgrade your CyberPanel installation (phpMyAdmin vulnerability)! — CyberPanel - WebHosting Control Panel for OpenLiteSpeed
CyberHosting

Upgrade your CyberPanel installation (phpMyAdmin vulnerability)!

edited March 27 in Database Server
A vulnerability was recently found in phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

https://nvd.nist.gov/vuln/detail/CVE-2020-5504

CyberPanel's Github stable branch 1.9.4 and beta branch 1.9.5 is patched by now. Please run upgrade script using the following command.

sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
Tagged:
Tagged:

Comments

  • cPanel is very vulnerable.
  • Thanks for the best one.
    http://ghdsports.xyz/
  • 1 more issue when we install any php version and we try to edit upload sql size on confi it keep the same 2mb size didnt increase kindly fix this issue
  • In cyberpanel version 2.0.3, we cannot log in with the root user since it is entered as auto-access in phpmyadmin. How can I login to phpmyadmin as root user.
  • This helped me (for MariaDB) https://www.digitalocean.com/community/tutorials/how-to-reset-your-mysql-or-mariadb-root-password
  • klasekp That has nothing to do with what mysterio918 stated. I'm having the same issue as mysterio918 but it has nothing to do with the root password. We have access via command line as root but there is no way in 2.0.3 to log into phpMyadmin as the root user.

    There should be a way to access as root user to phpmyadmin
  • Type your comment> @quoviz_dev said:
    > klasekp That has nothing to do with what mysterio918 stated. I'm having the same issue as mysterio918 but it has nothing to do with the root password. We have access via command line as root but there is no way in 2.0.3 to log into phpMyadmin as the root user.
    >
    > There should be a way to access as root user to phpmyadmin

    This will be fixed in the upcoming version.
Sign In or Register to comment.
CyberPanel Discord

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!