Quote:The phpMyAdmin team announced the release of the phpMyAdmin version 4.8.4 which comes with a fix for a local file inclusion vulnerability rated as severe, as well as patches for two other moderate severity security issues.

As detailed in the phpMyAdmin PMASA-2018-6 advisory, versions from 4.0 to 4.8.3 of the MySQL and MariaDB administration software suffer from a flaw which could allow potential attackers to exploit the tool and get access to the contents of a local file.

"The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access," says the advisory. "An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system."

In order to avoid having their system compromised using exploits specially crafted to address this flaw, all phpMyAdmin users have to update their installation to 4.8.4 or newer versions.