logo

Database

Server side cross-site scripting In phpmyadmin/phpmyadmin

Description

phpMyAdmin Cross-site Scripting (XSS) in the import dialog An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2018-156052. NVD-2018-156053. OSV-2018-156054. GCVE-2018-15605

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a12. https://www.phpmyadmin.net/security/PMASA-2018-53. http://www.securityfocus.com/bid/1051684. http://www.securitytracker.com/id/1041548

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.