Component Type: Third Party Product, included with the TYPO3 core
Affected Components: PhpMyAdmin
Versions: TYPO3 3.8.0 and earlier
Vulnerability Type: Various (see below)
Severity: Medium
Problem Description:
Various security issues have been reported for PhpMyAdmin (see http://www.securityfocus.com/bid/15196/ for details.)
Solution:
The solution is part of the general maintenance upgrade to TYPO3 version 3.8.1, which all users of TYPO3 are advised to implement. It contains PhpMyAdmin 2.6.4-pl3.
Update: Please be aware that the updated phpMyAdmin extension comes with the 3.8.1 full download but is not contained in the upgrade patch! For the latter, you will need to upgrade it manually from TER.
Also, some language shortcomings have been reported with the version included in TYOP3 3.8.1.
So the current recommendation is
- apply TYPO3 3.8.1
- go to TER and upgrade to the latest version.
Credits:
Thanks to Michael Stucki for adapting the new version of PhpMyAdmin to TYPO3.