A web developer wanted to warn others in the community about a vulnerability. It is a PHP MyAdmin that affects all versions with zero-day vulnerabilities. One experienced web developer stated that this is why coders should not conduct state changing actions with a "GET" request. Most people agreed that web developers should drop the PHP MyAdmin function in order to increase their security.
Several people offered suggestions for administrative tools that are better for security reasons. One person suggested DBeaver, which works in the desktop version of Linux. Another person offered a suggestion of Sequel Pro for Mac OS users. Several people seconded these suggestions, noting that DBever also works in the Windows environment.
Others offered suggestions for tools that are on the pricey side, but they perform to high standards. One such tool is Data Grip by Jet Brains. A person suggested Adminer as a tool for a person's Ubuntu servers. However, they were not sure about the vulnerabilities of Adminer, so they said it would be a good idea to proceed with caution. Another person offered trying Navicat Premium, which is also pricey, but worth the money in this person's opinion.
A different person wanted to give others more information about what the vulnerability entails so that they can decide for themselves if it is worth sticking with PHP MyAdmin, or if they should choose some other way of going about what they need to do. This person shared that the vulnerability allows a person to delete a server config in PHP MyAdmin. The config can be redone at any time, so it is not a permanent problem. However, it could be frustrating, and it could cause a lapse in functionality that cause a problem for a company.
No matter what a person uses in their web development, it is essential to stay on top of all of the vulnerabilities. New issues get brought to light on a daily basis for all tools, platforms and operating systems. While it is a lot to stay on top of, spending this time is a worthwhile investment in prevention of problems. For more information click here https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html.