If I've read that page correctly, your config.inc.php would need to be writable by the web server for the vulnerability to work.
Personally, I never have it writable by the web server, and in any case my phpMyAdmin installs are IP address and username/password restricted in the Apache config. 2009/11/15 ManiKanth A <[email protected]>: > Hi guys, > > This looks quite serious and scary, am wondering if others are aware of this > : > > http://www.gnucitizen.org/blog/cve-2009-1151-phpmyadmin-remote-code-execution-proof-of-concept/ > > Anyone using PHPMyAdmin on their websites better check the above. > > As a first step might be good to change the folder name to something else > than phpmyadmin. > Also might be worth to update with latest version. > > - ManiKanth. > > > > > -- Chris Hope The Electric Toolbox Ltd Email: [email protected] Web: www.electrictoolbox.com Phone: +64 9 522 9531 Mobile: +64 21 866 529 --~--~---------~--~----~------------~-------~--~----~ NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] -~----------~----~----~----~------~----~------~--~---
