phpMyAdmin 4.7.4 SQL injection vulnerability

  • How would you upgrade phpMyAdmin and MonstaFTP? Just replace all files manually, and never run imscp-reconfigure again?

    Since we don't have access to Nuxwin's server, we can't do it any other way at the moment.

    my System :

    - Distribution: Debian | Release: 9.13 | Codename: wheezy
    - i-MSCP Version: i-MSCP 1.5.3 | Build: 20181208 | Codename: Ennio Morricone
    - Plugins installed: ClamAV (v. 1.3.0), Mailgraph (v 1.1.1), OpenDKIM (v 2.0.0), SpamAssassin (v 2.0.1)
    - LetsEncrypt (v3.3.0), PhpSwitcher (v 5.0.5), RoundcubePlugins (v 2.0.2), YubiKeyAuth 1.1.0

  • It looks like Nuxwin is more on holiday than on coding.


    Is someone seriously interested in a fork?

    Pffff...

  • The question should not be when and how often Nuxwin is on vacation. I like being on vacation myself very much. Also, I'm sure most people would agree that he has spent a whole lot of his free time maintaining and improving i-MSCP.


    However, while maintaining this project on your own is not an easy job, it is also not very easy to contribute to i-MSCP. I'm almost sure that some of the i-MSCP users would be happy to contribute little things, like bug fixes, updates, translations and stuff. But it is completely non-transparent what the latest development status is, what the roadmap looks like, or where and how to contribute. For an open-source project, getting users in is how you distribute workload, which then allows you to be on vacation without worrying whether a bug or security issue needs to be addressed.


    Maybe you are familiar with the bus factor (https://en.wikipedia.org/wiki/Bus_factor), which I assume is close to 1 for the i-MSCP project.


    Nuxwin, I don't know the reasons for your way of developing i-MSCP (i.e., using private git repos), but maybe you are open to a discussion or interested in getting people in to support you?

  • Speddy, I see you did upgrade to the phpMyAdmin 5.x series.


    When I did it on two servers, it worked, but there is "a sneaky bug" with me.

    Can you go, when logged in (admin or user), on any database (left menu), to the "new table" link (in your screen page 3, it would be the "Neu" link; the URL you should get is of this form: "https://YourPanel.tld/pma/tbl_create.php?server=X&db=DBName")?

    When I click on it, I get infinite loading and nothing comes up (just the URL changes; if I refresh, I get a long error).


    So far, I'm stuck with release 4.9.x :'(

  • When I click on it, I get infinite loading and nothing comes up (just the URL changes; if I refresh, I get a long error).

    I'm using PMA 4.9.7 with PHP 7.0 ... but you could try to delete the content of:

    /var/lib/nginx/fastcgi


    Afterwards, restart the panel:

    service nginx restart

    service imscp_panel restart

  • The content of /var/lib/nginx/fastcgi is empty, and I already restarted the imscp_panel service (if not done, I can't access any PMA page).

    That's really odd. It really sounds like a cache issue, but I don't know where it lies (but as long as PMA 4.9.x is updated, it's fine... for now).

  • I use php7.1 as standard for the i-MSCP panel; you should change it if necessary.
