CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
96.6%
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a
local file because of an error in the transformation feature. The attacker
must have access to the phpMyAdmin Configuration Storage tables, although
these can easily be created in any database to which the attacker has
access. An attacker must have valid credentials to log in to phpMyAdmin;
this vulnerability does not allow an attacker to circumvent the login
system.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | phpmyadmin | < 4:4.6.6-5ubuntu0.5 | UNKNOWN |
ubuntu | 14.04 | noarch | phpmyadmin | < 4:4.0.10-1ubuntu0.1+esm4 | UNKNOWN |
ubuntu | 16.04 | noarch | phpmyadmin | < 4:4.5.4.1-2ubuntu2.1+esm6 | UNKNOWN |
github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732
launchpad.net/bugs/cve/CVE-2018-19968
nvd.nist.gov/vuln/detail/CVE-2018-19968
security-tracker.debian.org/tracker/CVE-2018-19968
ubuntu.com/security/notices/USN-4639-1
www.cve.org/CVERecord?id=CVE-2018-19968
www.phpmyadmin.net/security/PMASA-2018-6/
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
96.6%