A design flaw in website database MySQL could allow hackers to maliciously access users’ data. But what are the threats, and could you be at risk?

What is MySQL?

MySQL is an open source relational database management system, most commonly used to store data for websites and web servers.


What’s the vulnerability?

MySQL has issued a security notice that a design flaw could allow some files to be maliciously accessed via Adminer, a popular tool used to manage websites running on a MySQL database.

The flaw is found in the file transfer process between a client host (a device connected to a website) and a MySQL server. Essentially, it allows an attacker who’s running a rogue MySQL server (a server that’s connected to the network but isn’t controlled by MySQL) to view any data the connected device can access.

Data accessible by hackers includes log in information and passwords to important applications such as WordPress.


Could you be at risk?

If you’re running versions of Adminer below 4.7.0, you could be at risk of an attack.

Ultimately, a cyber-attack can cause great harm to an organisation, including detriment to hard-earned reputation.


How to protect yourself

Ensuring your Adminer tool is running on version 4.7.0 or above will disable this behaviour and mitigate the risk.
Better still, restricting access to Adminer or any other non-public facing pages – or removing the tool all together (so long as it’s not needed) – is the best prevention.

If you’re not sure, speak to your web developer about precautions you can take.

There has never been a more important time to be aware of the Cyber Security threat landscape. The MySQL vulnerability is a great example of how such a commonly used system can be exploited by malicious third parties for illicit purposes. With new threats constantly emerging, such as the one discussed here, business owners must take precautions to help protect their organisations from vulnerabilities and subsequent breaches to ultimately safeguard their data and intellectual property.

Lee Johnson, Chief Technology at Air IT

Concerned about Cyber Security?

When it comes to cyber security, prevention is always better than cure.

If you have any concerns, contact us today to find out more about our services and how your business could benefit from our cyber security services, including Cyber Essentials certification with our specialist security division Air Sec.