Security Issue found!

Discussion in 'Server Operation' started by concept21, Oct 4, 2017.

  1. concept21

    concept21 Member

    Please see the attachment!
    A normal user can edit the internal schema through the web interface of phpmyadmin!
    Please advice! My system is ispconfig 3.1.7, Ubuntu 16.04.3 amd64! :eek:
     

    Attached Files:

  2. till

    till Super Moderator Staff Member ISPConfig Developer

    That's not a security issue and not even ISPConfig related. The MySQL information_schema table is an info database in MySQL that is visible for each MySQL user, no matter if you created him in ISPConfig or otherwise and the user cannot edit it anyway.

    I'll quote a text from MySQL documentation:

    See: https://dev.mysql.com/doc/refman/5.7/en/information-schema.html

    Btw. If you don't want this to show up in phpmyadmin, then you can set it to be hidden:

    https://stackoverflow.com/questions/12071460/how-to-hide-information-schema-database-from-phpmyadmin
     
    concept21 likes this.

Share This Page