Fluid Attacks Database

Description

phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
packagist	phpmyadmin/phpmyadmin	>=4.8 <4.8.0.1	4.8.0.1
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2018-101882. NVD-2018-101883. OSV-DEBIAN-2018-101884. OSV-2018-101885. GCVE-2018-101886. SECURITY-TRACKER-CVE-2018-10188

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e6412. https://www.exploit-db.com/exploits/444963. https://www.phpmyadmin.net/security/PMASA-2018-24. http://www.securityfocus.com/bid/1039365. http://www.securitytracker.com/id/1040752