My Senior Engineer cannot install PHPMyAdmin manually in Ubuntu

This page summarizes the projects mentioned and recommended in the original post on /r/sysadmin

  • phpMyAdmin

    A web interface for MySQL and MariaDB

    I actually have a publicly available mysql.website.com so I was shocked by this at first so thought I'd go through that page.. I think it says "no auth" because phpMyAdmin can be configured so you don't need to authenticate? Looking at vulnerabilities since 2010:

    * CVE-2010-3055, CVE-2011-2506 - code exec - Your unconfigured publicly available phpMyAdmin install's setup is vulnerable with certain server configs
    * CVE-2012-5159 - "code exec" - a Korean SourceForge mirror of the 3.5.2.2 codebase had a trojan in it that allowed code exec that 400 people downloaded
    * CVE-2016-5703 - SQL injection - says no auth but it's a vuln in functions that get the columns for a table.
    * CVE-2016-5734 - code exec - The PoC shows a password is required: https://www.exploit-db.com/exploits/40185 "parser.add_argument("-p", "--pwd", required=True"
    * CVE-2016-6620 - "code exec" - https://github.com/phpmyadmin/phpmyadmin/commit/ba072e4 The patch shows unserialize is only used for parsing a schema snapshot (and "code execution" using this vuln is a stretch, you can run a class destructor with arbitrary variables and destructors rarely do anything exploitable)
    * CVE-2016-9849 - auth bypass - You're vulnerable to this if you have a root account with no password and are running an old version of PHP where empty(chr(0) . "asdf") returns true
    * CVE-2016-9865 - workaround of the patch for CVE-2016-6620, still need auth
    * CVE-2017-18264 - auth bypass - Some old versions of PHP will allow users without a password to log on
    * CVE-2019-6798, CVE-2019-11768, CVE-2019-18622 "through the designer feature."
    * CVE-2019-19617 - ?? - some info from git e.g. hashes/releases is inserted into HTML i.e. you need to be able to commit to the git repo to exploit
    * CVE-2020-26935 - SQL injection - you can inject SQL via the table manager's search function .. note you can also "inject SQL" via the "run SQL" tab that the table manager links to, I don't know if they consider that a vulnerability
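
The preconditions that recur in the comment above (a configuration that skips the login prompt, accounts with no password, a setup script left deployed) can be checked from `config.inc.php`. The following audit is an added example, not part of the original post or of phpMyAdmin; the sample config is constructed, `parse_servers` and `audit` are hypothetical helper names, and it assumes one `$cfg['Servers']` assignment per line with `$i++` between server blocks.

```python
import re

# Constructed sample config.inc.php (not from the page or from phpMyAdmin).
SAMPLE_CONFIG = """<?php
$i = 0;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'config';   // no login prompt
$cfg['Servers'][$i]['user'] = 'root';
$cfg['Servers'][$i]['password'] = '';
$cfg['Servers'][$i]['AllowNoPassword'] = true;
$i++;
$cfg['Servers'][$i]['auth_type'] = 'cookie';
/* $cfg['Servers'][$i]['AllowNoPassword'] = true; */
"""

SETTING = re.compile(r"\$cfg\['Servers'\]\[(\$i|\d+)\]\['(\w+)'\]\s*=\s*([^;]*);")
INCREMENT = re.compile(r"(\$i\s*\+\+|\+\+\s*\$i)\s*;")

def parse_servers(text):
    """Return {server_index: {setting: value}} from config.inc.php text."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)  # drop block comments
    servers, i = {}, 0
    for line in text.splitlines():
        line = line.strip()  # lines starting with // or # never match below
        if INCREMENT.match(line):
            i += 1
        elif (m := SETTING.match(line)):
            idx = i if m.group(1) == "$i" else int(m.group(1))
            servers.setdefault(idx, {})[m.group(2)] = m.group(3).strip().strip("'\"")
    return servers

def audit(servers, setup_dir_present):
    """Flag the preconditions named in the comment; returns (index, message) pairs."""
    findings = []
    for idx, s in sorted(servers.items()):
        if s.get("auth_type", "cookie") == "config":  # phpMyAdmin defaults to cookie
            findings.append((idx, "auth_type=config: visitors are logged in without a prompt"))
            if not s.get("password"):
                findings.append((idx, "stored account has an empty password"))
        if s.get("AllowNoPassword", "false").lower() == "true":
            findings.append((idx, "AllowNoPassword=true: passwordless accounts may log in"))
    if setup_dir_present:  # caller checks whether <install>/setup exists
        findings.append((None, "setup/ directory is still deployed"))
    return findings

if __name__ == "__main__":
    for idx, msg in audit(parse_servers(SAMPLE_CONFIG), setup_dir_present=True):
        print(f"server {idx}: {msg}")
```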

