CVE-2018-10188
Published 2018-04-19
Priority P3 · 57 · high · 8.8 CVSS 3.0
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 4.22% (89.7th percentile)
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:4.9.1+dfsg1-2 (bookworm) | phpmyadmin 4:4.9.1+dfsg1-2 (bookworm) |
| phpmyadmin | phpmyadmin | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 4.8 < 4.8.0.1 | 4.8.0.1 |
CVSS provenance
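| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |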
OSV
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
osv·2022-05-14
CVE-2018-10188 [HIGH] phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
GHSA
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
ghsa·2022-05-14
CVE-2018-10188 [HIGH] CWE-352 phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
OSV
CVE-2018-10188: phpMyAdmin 4
osv·2018-04-19·CVSS 8.8
CVE-2018-10188 [HIGH] CVE-2018-10188: phpMyAdmin 4
Debian
CVE-2018-10188: phpmyadmin - phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitr...
vendor_debian·2018·CVSS 8.8
CVE-2018-10188 [HIGH] CVE-2018-10188: phpmyadmin - phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitr...
Scope: local
bookworm: resolved (fixed in 4:4.9.1+dfsg1-2)
bullseye: resolved (fixed in 4:4.9.1+dfsg1-2)
forky: resolved (fixed in 4:4.9.1+dfsg1-2)
sid: resolved (fixed in 4:4.9.1+dfsg1-2)
trixie: resolved (fixed in 4:4.9.1+dfsg1-2)
No detection rules found.
No writeups or analysis indexed.
http://www.securityfocus.com/bid/103936
http://www.securitytracker.com/id/1040752
https://www.exploit-db.com/exploits/44496/
https://www.phpmyadmin.net/security/PMASA-2018-2/
Published: 2018-04-19