[TYPO3-announce] [Ticket#201906255760000019] SQL Injection and CSRF in third party TYPO3 extension "phpMyAdmin" (phpmyadmin)

TYPO3 Security Team security at typo3.org
Tue Jun 25 10:52:54 CEST 2019


Dear TYPO3 users,

It has been discovered that the TYPO3 extension "phpMyAdmin" (phpmyadmin) is
susceptible to SQL Injection and CSRF.

For further information on the issue, please read the related advisory which
was published today:

TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin"
(phpmyadmin)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-014/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[2]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[3]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[4]https://typo3.org/help/security-advisories/

Regards,

Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: [5]https://typo3.org/teams/security/

E-Mail: security at typo3.org

Please note: When replying to this e-mail, please leave the header intact.


[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
[2] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[3] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[4] https://typo3.org/help/security-advisories/
[5] https://typo3.org/teams/security/


More information about the TYPO3-announce mailing list