Upgrade your CyberPanel installation (phpMyAdmin vulnerability)!
A vulnerability was recently found in phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
https://nvd.nist.gov/vuln/detail/CVE-2020-5504
CyberPanel's Github stable branch 1.9.4 and beta branch 1.9.5 is patched by now. Please run upgrade script using the following command.
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
https://nvd.nist.gov/vuln/detail/CVE-2020-5504
CyberPanel's Github stable branch 1.9.4 and beta branch 1.9.5 is patched by now. Please run upgrade script using the following command.
sh <(curl https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh || wget -O - https://raw.githubusercontent.com/usmannasir/cyberpanel/stable/preUpgrade.sh)
Tagged:
Tagged:
Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
Comments
The hacker changed my root user for PHPMyAdmin, the password and the Data Base name for one of my websites and now I'm unable to change the user or the data base name :( . Any advise ? I'm new using the Cyberpanel, I used to work with cpanel and I'm still learning here.
Thanks