Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS12NmZwLWg3OXgtOXJxY84AAW3K

High EPSS: 0.0079% (0.72936 Percentile) EPSS:
Permalink JSON

phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution

Affected Packages Affected Versions Fixed Versions
packagist:phpmyadmin/phpmyadmin >= 4.8, < 4.8.0.1 4.8.0.1
4 Dependent packages
15 Dependent repositories
353,741 Downloads total

Affected Version Ranges

All affected versions

4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1, 5.2.2

All unaffected versions

4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

References:

Identifiers

GHSA-v6fp-h79x-9rqc

CVE-2018-10188

Risk

Severity

High

EPSS

EPSS Percentage: 0.0079

EPSS Percentile: 0.72936

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/phpmyadmin/phpmyadmin

Date and time

Published

over 3 years ago

Updated

over 1 year ago

API

JSON