Come on people. If you need a GUI to administer MySQL there are better ways to do it than to expose a PHP script to the world:
- restrict phpMyAdmin to “localhost” and forward port 80 via openSSH
- restrict phpMyAdmin to “localhost” and forward X to access a GUI client application, or
- forward the port for MySQL over openSSH and use a GUI client where you are.
The key is port-forwarding using openSSH. This should be the default means of transmitting sensitive data over the network. This encrypts the data and prevents anyone anywhere from having access.
Run this on your PC:

ssh -q -L 4025:remote-server:3306 username@remote-server

and MySQL will be available on local port 4025. Then run phpMyAdmin, MySQL-query-browser or another GUI on your local PC. You can use 3128 as the local port instead of an arbitrary port like 4025 if you are not running MySQL there already.
If you have multiple users needing the access, do the same thing for each of their PCs.
Of course phpMyAdmin needs fixing, but port-forwarding is a quick fix in many cases and may well prevent other vulnerabilities from biting. The simplest solution is often the best in terms of performance and security. The particular vulnerability is only exploitable by authenticated users, but you never know what the future holds. A layered defence minimizing risk at each layer is best.
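As an added example (not from the original comment), a small POSIX shell helper that builds the tunnel command described above, adding -N so the session carries only the forward, and checks that the server's my.cnf binds MySQL to loopback so the tunnel is the only network route in. It assumes an OpenSSH client on the workstation; the user/host names and the sample my.cnf are constructed.

```shell
#!/bin/sh
# Added example, not from the original comment. Assumes an OpenSSH client on
# the workstation and MySQL on the remote host listening on 127.0.0.1:3306.

# Build the ssh command for the tunnel. -N opens no remote shell (only the
# forward); -L maps a local port to a host:port as seen from the remote side,
# so 127.0.0.1 here is the server's own loopback. MySQL can therefore keep
# bind-address=127.0.0.1 and never listen on a public interface.
tunnel_cmd() {
  local_port=$1; user=$2; host=$3; remote_port=${4:-3306}
  case $local_port in
    ''|*[!0-9]*) echo "local port must be numeric: '$local_port'" >&2; return 1 ;;
  esac
  if [ "$local_port" -lt 1024 ] || [ "$local_port" -gt 65535 ]; then
    echo "local port must be an unprivileged port (1024-65535)" >&2; return 1
  fi
  printf 'ssh -q -N -L %s:127.0.0.1:%s %s@%s\n' "$local_port" "$remote_port" "$user" "$host"
}

# Return 0 if the last bind-address in a my.cnf-style file is loopback only,
# meaning the SSH tunnel is the only way to reach MySQL over the network.
mysql_loopback_only() {
  addr=$(sed -n 's/^[[:space:]]*bind-address[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
  case $addr in
    127.0.0.1|localhost|::1) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample server config for the demo (not taken from any real host).
write_sample_cnf() {
  cat > "$1" <<'EOF'
[mysqld]
port = 3306
bind-address = 127.0.0.1
EOF
}

# Demo: only print the tunnel command when the server side is locked down.
cnf=$(mktemp)
write_sample_cnf "$cnf"
if mysql_loopback_only "$cnf"; then
  echo "MySQL is loopback-only on the server; reach it through:"
  tunnel_cmd 4025 username remote-server   # then point the GUI at 127.0.0.1:4025
else
  echo "bind-address is not loopback; fix the server config first" >&2
fi
rm -f "$cnf"
```

Run the printed command in its own terminal and leave it open; the GUI on your PC then connects to 127.0.0.1:4025 and all traffic to the server rides inside SSH.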