CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.454 Medium
Percentile: 97.1%

phpMyAdmin releases new version fixing multiple security vulnerabilities
phpMyAdmin yesterday released version 4.8.4, which fixes multiple security vulnerabilities. Earlier, on December 9, the phpMyAdmin project had published an advance notice telling users that a security update would be released on the 11th, between afternoon and evening, and that the vulnerability details would be disclosed with it.
The release fixes three main security vulnerabilities
CVE-2018-19968 Local File Inclusion vulnerability
This vulnerability affects versions 4.0 to 4.8.3. An attacker can use the transformation feature to read local files on the server.
Fix commit: GitHub
CVE-2018-19969 CSRF vulnerability
This vulnerability affects versions 4.7.0 to 4.7.6 and 4.8.0 to 4.8.3. If successfully exploited, an attacker can execute arbitrary SQL statements, add and delete users and passwords, and perform other malicious operations.
Fix commits: see GitHub
CVE-2018-19970 XSS vulnerability
This vulnerability also affects versions 4.0 to 4.8.3 and is present in the navigation bar. An attacker can use a specially crafted database or table name to inject malicious code.
Fix commit: GitHub
phpMyAdmin has released a new version and, for some issues, separate patches
Users should promptly update to 4.8.4 or install the corresponding standalone security patches.
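To find which installations need the update, the affected ranges listed above can be applied to a version inventory. The following is an added example, not code from phpMyAdmin or from this advisory; it assumes the stated ranges are inclusive, and the hostnames, inventory format and function names are constructed for illustration.

```python
import re

# Affected ranges as stated in the advisory text, assumed inclusive on both ends.
AFFECTED = {
    "CVE-2018-19968": [((4, 0, 0), (4, 8, 3))],  # local file inclusion
    "CVE-2018-19969": [((4, 7, 0), (4, 7, 6)),   # CSRF: two disjoint ranges
                       ((4, 8, 0), (4, 8, 3))],
    "CVE-2018-19970": [((4, 0, 0), (4, 8, 3))],  # XSS in the navigation bar
}
FIXED = "4.8.4"

def parse_version(text):
    """Return (major, minor, patch) from '4.8.3', '4.7' or '4.8.0-rc1'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())

def applicable_cves(version_text):
    """List the CVEs whose stated range contains this version."""
    v = parse_version(version_text)
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(lo <= v <= hi for lo, hi in ranges))

def triage(inventory):
    """Map host -> CVE list for every host that still needs the update."""
    report = {}
    for host, version_text in inventory.items():
        cves = applicable_cves(version_text)
        if cves:
            report[host] = cves
    return report

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = {
    "db-admin-01": "4.8.3",   # in every range
    "db-admin-02": "4.7.9",   # outside the CSRF range, still in the other two
    "legacy-03": "4.6.6",
    "staging-04": "4.8.4",    # fixed release
    "old-05": "3.5.8",        # older than any range stated in the advisory
}

if __name__ == "__main__":
    for host, cves in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: update to {FIXED} ({', '.join(cves)})")
```

A version string alone cannot show whether a standalone patch or a distribution backport has been applied, so hosts flagged here still need that checked.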
Reference links
https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/