CVE-2018-19968Sensitive Information Exposure in Phpmyadmin

CWE-200Sensitive Information Exposure12 documents6 sources
Severity
6.5MEDIUMNVD
OSV5.0
EPSS
2.5%
top 14.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
PhpmyadminDebian PhpmyadminDebian Linux
Timeline
PublishedDec 11
Latest updateMay 14

Description

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.9.1+dfsg1-2 (bookworm)
NVDphpmyadmin/phpmyadmin4.0.04.8.4
Packagistphpmyadmin/phpmyadmin< 4.8.4
Debianphpmyadmin/phpmyadmin< 4:4.9.1+dfsg1-2+3
Ubuntuphpmyadmin/phpmyadmin< 4:4.6.6-5ubuntu0.5+4

Also affects: Debian Linux 8.0

Patches

Patch: www.phpmyadmin.netPatch: www.phpmyadmin.net

🔴Vulnerability Details

5
OSV
phpMyAdmin Local file inclusion through transformation feature2022-05-14
GHSA
phpMyAdmin Local file inclusion through transformation feature2022-05-14
OSV
phpmyadmin vulnerabilities2021-03-16
OSV
phpmyadmin vulnerabilities2020-11-19
OSV
CVE-2018-19968: An attacker can exploit phpMyAdmin before 42018-12-11

📋Vendor Advisories

3
Ubuntu
phpMyAdmin vulnerabilities2021-03-16
Ubuntu
phpMyAdmin vulnerabilities2020-11-19
Debian
CVE-2018-19968: phpmyadmin - An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local ...2018

💬Community

2
Bugzilla
CVE-2018-19968 CVE-2018-19969 CVE-2018-19970 CVE-2018-12613 phpMyAdmin: Multiple security issues fixed in 4.8.4 [epel-all]2018-12-13
Bugzilla
CVE-2018-19968 CVE-2018-19969 CVE-2018-19970 CVE-2018-12613 phpMyAdmin: Multiple security issues fixed in 4.8.42018-12-13