A security issue has been found in the development versions 1.9.8-dev that were published between 2017-01-22 and 2017-08-17 (today). These versions allow attackers to change or delete existing databases or create new databases without authentication. Stable versions are not affected.
If you cloned phpLiteAdmin from git, you are probably affected as well. In that case, just do a pull to get the fixed version.
If you want to check whether your version is affected, look at the line saying “Last updated:” at the top of the phpliteadmin.php file. If the date falls within the range given above, then you are affected.
Any affected installation should be updated as soon as possible to the latest development version.
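The date check described above can be scripted for hosts that carry several copies of the file. This is an added example, not part of phpLiteAdmin; it assumes the header line reads "Last updated: YYYY-MM-DD", treats both ends of the range as inclusive, and uses a constructed sample header.

```python
import re
import sys
from datetime import date

# Date range stated in the advisory; endpoints treated as inclusive (assumption).
AFFECTED_FROM = date(2017, 1, 22)
AFFECTED_TO = date(2017, 8, 17)

# Assumed header format: "Last updated: YYYY-MM-DD" near the top of the file.
LAST_UPDATED = re.compile(r"Last updated:\s*(\d{4})-(\d{2})-(\d{2})")

def classify(source, head_lines=40):
    """Return (status, date_or_None) for the text of a phpliteadmin.php file."""
    for line in source.splitlines()[:head_lines]:
        m = LAST_UPDATED.search(line)
        if not m:
            continue
        try:
            stamp = date(*map(int, m.groups()))
        except ValueError:
            return ("unknown", None)  # digits present but not a real date
        if AFFECTED_FROM <= stamp <= AFFECTED_TO:
            return ("in-range", stamp)
        return ("outside-range", stamp)
    return ("unknown", None)  # no header line found: inspect by hand

def main(paths):
    exit_code = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            status, stamp = classify(fh.read())
        print(f"{path}: {status} ({stamp})")
        if status != "outside-range":
            exit_code = 1  # non-zero exit so cron or CI can flag it
    return exit_code

# Constructed sample header, not copied from a real release.
SAMPLE = """<?php
//  Project: phpLiteAdmin
//  Version: 1.9.8-dev
//  Last updated: 2017-03-05
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    print(classify(SAMPLE))
```

Pass one or more paths to phpliteadmin.php files as arguments; a result of "unknown" means the header line was missing or unreadable and the file needs a manual look.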
And please keep the note from our Download page in mind:
Note that development versions are not tested as thoroughly as stable versions.
This also means it might not be a good idea to publicly expose development versions. Consider putting at least .htaccess protection on the directory.