CVE-2018-10188

Published: 19/04/2018 Updated: 21/05/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 685
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

phpMyAdmin 4.8.0 prior to 4.8.0-1 has a CSRF vulnerability that allows a malicious user to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

Vulnerable Product

phpmyadmin phpmyadmin 4.8.0

Vendor Advisories

Debian Bug report logs - #896490 phpmyadmin: CVE-2018-10188: several CSRF vulnerabilities Package: src:phpmyadmin; Maintainer for src:phpmyadmin is Thijs Kinkhorst <thijs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Sat, 21 Apr 2018 17:09:01 UTC Severity: important Tags: patch, security, u ...

Exploits

# Exploit Title: phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
# Date: 2018-04-20
# Software Link: www.phpmyadmin.net/
# Author: @revengsh & @0x00FI
# CVE: CVE-2018-10188
# Category: Webapps
#1. Description
#The vulnerability exists due to failure in the "/sql.php" script to properly verify the source of HTTP request #Th ...

phpMyAdmin versions 4.8.0 prior to 4.8.0-1 suffer from a cross site request forgery vulnerability ...