Fluid Attacks Database

Description

phpMyAdmin CSRF Vulnerability phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
packagist	phpmyadmin/phpmyadmin	>=4.8 <4.8.4 \|\| >=4.7 <=4.7.6	4.8.4
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2018-199692. NVD-2018-199693. OSV-DEBIAN-2018-199694. OSV-2018-199695. GCVE-2018-199696. SECURITY-TRACKER-CVE-2018-199697. security.gentoo.org

References

1. https://web.archive.org/web/20210124223800/https://www.securityfocus.com/bid/1061752. https://www.phpmyadmin.net/security/PMASA-2018-7