phpMyAdmin updates close security vulnerability
The phpMyAdmin developers have announced the release of version 220.127.116.11 and 18.104.22.168 of their database administration tool, security updates that fix a path disclosure vulnerability. According to the developers, when the README, ChangeLog or LICENSE files are removed from their original location, the scripts used to display these files can show their full path, possibly leading to further attacks.
All versions previous to 22.214.171.124 and 126.96.36.199 are said to be affected. While the developers consider the vulnerability to be non-critical, they still advise all users to upgrade as soon as possible. Alternatively, users can apply the provided patches.
Version 188.8.131.52 and 184.108.40.206 of phpMyAdmin is available to download from the project's site. Hosted on SourceForge, phpMyAdmin is made available under version 2 of the GNU General Public License (GPLv2).
- Path disclosure when some files have been removed, a phpMyAdmin security advisory.