John Ives from the campus SNS (System & Network Security) wrote:
“Everyone,
As many of you may be aware, web based management tools, whether they are used to manage database backends, web content or anything else, are frequently the targets of attacks by would be hackers. In both March an April, phpMyAdmin, a tool for managing MySQL servers via the web, released patches for issues that would allow users to execute arbitrary php code on the server. In the last couple of days, System and Network
Security has seen a marked increase in the number of attackers who have been scanning for these vulnerabilities across campus. This increase also coincides with an increase in phpMyAdmin scanning that has been reported from other sources, like the Internet Storm Center.
If your system runs phpMyAdmin and you have not already applied the March and April patches (see the reference section below), I would urge you to do so, as soon as possible.
Yours,
John Ives
References:
phpMyAdmin Homepage:
April Patch:
March Patch: