- Plesk for Linux
- Plesk for Windows
phpMyAdmin issued a vulnerability alert on 2018-01-03 [CVE-2017-1000499]: phpMyAdmin versions 4.7.x (prior to 220.127.116.11/4.7.7) are vulnerable to a CSRF weakness.
phpMyAdmin versions < 4.7.0 are not affected.
By deceiving a user into clicking a crafted URL, an attacker can perform harmful database operations such as deleting records or dropping/truncating tables. The vulnerability is described in this article.
The latest phpMyAdmin version shipped with Plesk is 4.6.6, which is not affected by the vulnerability.
Call to Action
The phpMyAdmin developers have already released version 4.7.7, which contains a fix for the vulnerability.
As mentioned above, the phpMyAdmin installations shipped with Plesk are not affected.
If there is a custom installation of phpMyAdmin version 4.7.x, it has to be upgraded to version 4.7.7.
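
One way to locate custom installations that need the upgrade, as an added example (not code from Plesk or phpMyAdmin): the script walks a directory tree, reads each phpMyAdmin version, and flags 4.7.x releases below 4.7.7. It assumes each installation still contains the `RELEASE-DATE-<version>` file from the release archive; the function names and the sample tree in `demo()` are constructed for illustration.

```python
import re
import sys
import tempfile
from pathlib import Path

FIRST_AFFECTED = (4, 7, 0, 0)  # per the advisory, versions < 4.7.0 are not affected
FIXED = (4, 7, 7, 0)           # per the advisory, 4.7.7 contains the fix
MARKER = "RELEASE-DATE-"       # assumption: release-archive marker file is still present


def parse_version(text):
    """Leading numeric components padded to four: '4.7.6-rc1' -> (4, 7, 6, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        return None
    parts = tuple(int(p) for p in m.group(0).split("."))
    return (parts + (0, 0, 0, 0))[:4]


def is_affected(version):
    """True for 4.7.x below 4.7.7, False otherwise, None if unparseable."""
    v = parse_version(version)
    return None if v is None else FIRST_AFFECTED <= v < FIXED


def scan(root):
    """Return sorted (relative dir, version, affected) for each marker under root."""
    root = Path(root)
    hits = []
    for marker in root.rglob(MARKER + "*"):
        if marker.is_file():
            ver = marker.name[len(MARKER):]
            hits.append((marker.parent.relative_to(root).as_posix(), ver, is_affected(ver)))
    return sorted(hits)


def demo():
    """Scan a constructed tree of three fake installs (sample data, not real hosts)."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, ver in (("bundled", "4.6.6"), ("custom", "4.7.6"), ("patched", "4.7.7")):
            d = Path(tmp, name)
            d.mkdir()
            (d / (MARKER + ver)).touch()
        return scan(tmp)


if __name__ == "__main__":
    results = scan(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for path, ver, affected in results:
        status = {True: "AFFECTED, upgrade to 4.7.7", False: "not affected", None: "unknown"}[affected]
        print(f"{path}\t{ver}\t{status}")
```

Run it with a web root as the only argument to scan real directories; without arguments it scans the constructed sample tree.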