php-gettext code execution
The php-gettext library can suffer to code execution. However there is no way to trigger this inside phpMyAdmin.
We consider this to be minor.
phpMyAdmin is not vulberable, we're just fixing bug in embedded library which can not be exploited within phpMyAdmin.
Upgrade to phpMyAdmin 4.6.6, 18.104.22.168, or 22.214.171.124 or newer or apply patch listed below.
The issue in phpMyAdmin codebase was spot by Michal Čihař, the original issue has been fixed in php-gettext in 2015 without issuing CVE.
Assigned CVE ids: CVE-2015-8980
CWE ids: CWE-661
The following commits have been made on the 4.6 branch to fix this issue:
The following commits have been made on the 4.4 branch to fix this issue:
The following commits have been made on the 4.0 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.