Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2018-19968

Опубликовано: 11 дек. 2018
Источник: debian
EPSS Низкий

Описание

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
phpmyadminfixed4:4.9.1+dfsg1-2package
phpmyadminfixed4:4.6.6-4+deb9u1stretchpackage

Примечания

  • https://www.phpmyadmin.net/security/PMASA-2018-6/

  • https://github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732

EPSS

Процентиль: 85%
0.02691
Низкий

Связанные уязвимости

CVSS3: 6.5
ubuntu
больше 6 лет назад

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVSS3: 6.5
nvd
больше 6 лет назад

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

CVSS3: 6.5
github
около 3 лет назад

phpMyAdmin Local file inclusion through transformation feature

suse-cvrf
больше 6 лет назад

Security update for phpMyAdmin

suse-cvrf
больше 6 лет назад

Security update for phpMyAdmin

EPSS

Процентиль: 85%
0.02691
Низкий