[TYPO3-announce] [Ticket#201906255760000019] SQL Injection and CSRF in third party TYPO3 extension "phpMyAdmin" (phpmyadmin)
TYPO3 Security Team
security at typo3.org
Tue Jun 25 10:52:54 CEST 2019
Dear TYPO3 users,
It has been discovered that the TYPO3 extension "phpMyAdmin" (phpmyadmin) is
susceptible to SQL Injection and CSRF.
For further information on the issue, please read the related advisory which
was published today:
TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin"
(phpmyadmin)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
In general the TYPO3 Security Team recommends to read the following pages:
The TYPO3 Security Guide:
[2]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
Make sure you are subscribed to the TYPO3 Announce List:
[3]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
See all TYPO3 security advisories:
[4]https://typo3.org/help/security-advisories/
Regards,
Torben Hansen
Member of the TYPO3 Security Team
--
TYPO3 Security Team homepage: [5]https://typo3.org/teams/security/
E-Mail: security at typo3.org
Please note: When replying to this e-mail, please leave the header intact.
[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
[2] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[3] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[4] https://typo3.org/help/security-advisories/
[5] https://typo3.org/teams/security/
More information about the TYPO3-announce
mailing list