phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyadmin | ge | 4.8.0 | |
phpmyadmin | lt | 4.8.4 | |
phpmyadmin | ge | 4.7.0 | |
phpmyadmin | le | 4.7.6 |