June 13, 2016
phpMyAdmin Project Successfully Completes Security Audit
Code is Robust with No Serious Vulnerabilities Found
Software Freedom Conservancy congratulates its phpMyAdmin project on successfully completing a thorough security audit, as part of Mozilla’s Secure Open Source Fund. No serious issues were found in the phyMyAdmin codebase.
Mozilla launched the SOS Fund as part of its Open Source Support Program. The SOS Fund focuses on auditing, remediation, and verification for key free and open source software projects. Conservancy’s phpMyAdmin project was one of the first projects selected for the program. The security audit was performed by NCC Group. The phpMyAdmin team participated actively in the audit, making its key members available to the NCC Group team. As the audit states, the project
has been one of the defacto tools for managing and maintaining MySQL databases for years. Its wide adoption matched with its potential for misuse, warrants
regular review from a security perspective.
While no serious issues were found, the audit team found 3 medium risk and 5 low risk vulnerabilities, plus one informational issue. Most of these issues are already fixed in 4.6.2 release, and the more severe issues were covered by PMASA-2016-14, PMASA-2016-15 and PMASA-2016-16. The fixes were backported to older releases as well.
We at the phpMyAdmin project are excited to have been one of the early
said project team member Isaac Bennetch,
programs selected by the Mozilla SOS Fund,
We appreciate Mozilla’s dedication to ensuring making software more secure and are pleased that no serious flaws were found during the phpMyAdmin audit.
Conservancy and the phpMyAdmin project are proud of the results and thank Mozilla for funding and initiating the audit, well positioning phpMyAdmin to continue its critical role in free software with confidence. The full audit report is available here.