Описание
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Пакеты
Пакет | Статус | Версия исправления | Релиз | Тип |
---|---|---|---|---|
phpmyadmin | fixed | 4:4.9.1+dfsg1-2 | package | |
phpmyadmin | not-affected | stretch | package | |
phpmyadmin | not-affected | jessie | package | |
phpmyadmin | not-affected | wheezy | package |
Примечания
https://www.phpmyadmin.net/security/PMASA-2018-2/
https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
EPSS
Связанные уязвимости
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
phpMyAdmin CSRF vulnerability allowing arbitrary SQL execution
EPSS