Multiple vulnerabilities were found in phpMyAdmin, the most severe of which allows the execution of arbitrary PHP code.
Package | dev-db/phpmyadmin on all architectures |
---|---|
Affected versions | < 3.4.9 |
Unaffected versions | >= 3.4.9 |
phpMyAdmin is a web-based management tool for MySQL databases.
Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers and phpMyAdmin Security Advisories referenced below for details.
Remote attackers might be able to insert and execute PHP code, include and execute local PHP files, or perform Cross-Site Scripting (XSS) attacks via various vectors.
There is no known workaround at this time.
All phpMyAdmin users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-3.4.9"