phpMyAdmin updates close security vulnerability
The phpMyAdmin developers have announced the release of version 184.108.40.206 and 220.127.116.11 of their database administration tool, security updates that fix a path disclosure vulnerability. According to the developers, when the README, ChangeLog or LICENSE files are removed from their original location, the scripts used to display these files can show their full path, possibly leading to further attacks.
All versions previous to 18.104.22.168 and 22.214.171.124 are said to be affected. While the developers consider the vulnerability to be non-critical, they still advise all users to upgrade as soon as possible. Alternatively, users can apply the provided patches.
Version 126.96.36.199 and 188.8.131.52 of phpMyAdmin is available to download from the project's site. Hosted on SourceForge, phpMyAdmin is made available under version 2 of the GNU General Public License (GPLv2).
- Path disclosure when some files have been removed, a phpMyAdmin security advisory.