TYPO3-EXT-SA-2019-014: Уязвимости «phpMyAdmin»

Было обнаружено, что расширение «phpMyAdmin» подвержено произвольному чтению файлов и внедрению SQL.

Problem Description

Multiple vulnerabilities have been found in the phpMyAdmin component.

Solution

An updated version 5.3.0  is available from the TYPO3 extension manager and at https://typo3.org/extensions/repository/download/phpmyadmin/5.3.0/zip/
Users of the extension are advised to update the extension as soon as possible. 

Note: In general the TYPO3 Security Team recommends to not use any extension that bundles database or file management tools on production TYPO3 websites.Credits

Thanks to Andreas Beutel for providing a TYPO3 extension package with an updated phpMyAdmin version.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

Назад