Description

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

Remediation

References

CVE-2018-10188

Related Vulnerabilities

WordPress Plugin Qwizcards-online quizzes and flashcards Cross-Site Scripting (3.61)

WordPress Plugin WC Duplicate Order Unspecified Vulnerability (1.3)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5498)

WordPress Plugin Async JavaScript Security Bypass (2.19.07.14)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.31)

Severity

High

Classification

CVE-2018-10188 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities