phpMyAdmin releases new version fixing multiple security vulnerabilities
phpMyAdmin released version 4.8.4 yesterday, fixing multiple security vulnerabilities. Earlier, on December 9, the phpMyAdmin project had published an advance notice reminding users that security updates would be released on the afternoon to evening of the 11th, with the vulnerability details disclosed at the same time.
The release mainly fixes 3 security vulnerabilities
CVE-2018-19968 Local File Inclusion vulnerability
This vulnerability affects versions 4.0 to 4.8.3. An attacker can use the transformation function to read local files on the server.
The fix commit is available on GitHub.
CVE-2018-19969 CSRF vulnerability
This vulnerability affects versions 4.7.0 to 4.7.6 and 4.8.0 to 4.8.3. If successfully exploited, it lets the attacker execute arbitrary SQL statements, add and delete users and passwords, and perform other malicious operations.
The fix commit is available on GitHub.
CVE-2018-19970 XSS vulnerability
This vulnerability also affects versions 4.0 to 4.8.3 and is present in the navigation bar. An attacker can use a specially crafted database or table name to inject malicious code.
The fix commit is available on GitHub.
phpMyAdmin has released the new version as well as some separate patches
Users should promptly update to 4.8.4, or install the corresponding standalone security patches.
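A version triage check built from the affected ranges listed above, as an added example (not phpMyAdmin's own code). The host names and inventory are constructed, and anything after the numeric version (such as a distribution package revision) is ignored, so a backported standalone patch is not detected.

```python
import re

# Affected ranges exactly as stated in this article (inclusive bounds).
AFFECTED = {
    "CVE-2018-19968": [((4, 0, 0), (4, 8, 3))],                         # local file inclusion
    "CVE-2018-19969": [((4, 7, 0), (4, 7, 6)), ((4, 8, 0), (4, 8, 3))],  # CSRF
    "CVE-2018-19970": [((4, 0, 0), (4, 8, 3))],                         # XSS in navigation bar
}

def parse_version(text):
    """Return (major, minor, patch) from strings like '4.8.3', 'v4.7' or '4.7.6-rc1'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # A missing patch component ('4.0') is treated as 0.
    return tuple(int(g or 0) for g in m.groups())

def applicable_cves(version_text):
    """List the CVEs from this article whose affected range contains the version."""
    v = parse_version(version_text)
    return sorted(
        cve for cve, ranges in AFFECTED.items()
        if any(lo <= v <= hi for lo, hi in ranges)
    )

def triage(inventory):
    """Map host -> list of applicable CVEs; unparsable versions map to None for manual review."""
    report = {}
    for host, version_text in inventory.items():
        try:
            report[host] = applicable_cves(version_text)
        except ValueError:
            report[host] = None
    return report

# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "db-admin-01": "4.8.3",
    "db-admin-02": "4.7.7",
    "db-admin-03": "4.8.4",
    "legacy-web": "4.0",
    "unknown-box": "n/a",
}

if __name__ == "__main__":
    for host, cves in triage(INVENTORY).items():
        status = "version unreadable, check manually" if cves is None else (", ".join(cves) or "not affected")
        print(f"{host}: {status}")
```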
Reference links
https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/