Lucene search

GitHub Advisory DatabaseGHSA-V6FP-H79X-9RQC

HistoryMay 14, 2022 - 3:22 a.m.

phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution

2022-05-1403:22:27

CWE-352

GitHub Advisory Database

github.com

phpmyadmin

csrf

vulnerability

arbitrary

sql

execution

software

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange4.8–4.8.0.1

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

www.securityfocus.com/bid/103936

www.securitytracker.com/id/1040752

github.com/advisories/GHSA-v6fp-h79x-9rqc

github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641

nvd.nist.gov/vuln/detail/CVE-2018-10188

www.exploit-db.com/exploits/44496

www.phpmyadmin.net/security/PMASA-2018-2

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

8.3

Confidence

Low

EPSS

0.006

Percentile

79.1%

JSON

Related for GHSA-V6FP-H79X-9RQC