[Ticket#201906255760000019] SQL Injection and CSRF in third party TYPO3 extension "phpMyAdmin" (phpmyadmin)

Dear TYPO3 users,

It has been discovered that the TYPO3 extension "phpMyAdmin" (phpmyadmin) is
susceptible to SQL Injection and CSRF.

For further information on the issue, please read the related advisory which
was published today:

TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin"
(phpmyadmin)
[1]https://typo3.org/security/advisory/typo3-ext-sa-2019-014/

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:
[2]https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html

Make sure you are subscribed to the TYPO3 Announce List:
[3]http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
[4]https://typo3.org/help/security-advisories/

Regards,

Torben Hansen
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: [5]https://typo3.org/teams/security/

E-Mail: security@typo3.org

Please note: When replying to this e-mail, please leave the header intact.


[1] https://typo3.org/security/advisory/typo3-ext-sa-2019-014/
[2] https://docs.typo3.org/typo3cms/CoreApiReference/Security/Index.html
[3] http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
[4] https://typo3.org/help/security-advisories/
[5] https://typo3.org/teams/security/