CVE-2018-19970

Опубликовано: 11 дек. 2018

Источник: debian

Описание

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
phpmyadmin	fixed	4:4.9.1+dfsg1-2		package
phpmyadmin	fixed	4:4.6.6-4+deb9u1	stretch	package

Примечания

https://www.phpmyadmin.net/security/PMASA-2018-8/
https://github.com/phpmyadmin/phpmyadmin/commit/b293ff5f234ef493336ed8638f623a12164d359e

Связанные уязвимости

CVE-2018-19970

CVSS3: 6.1

ubuntu

около 7 лет назад

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

CVE-2018-19970

CVSS3: 6.1

nvd

около 7 лет назад

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

GHSA-8987-93fh-rcwq

CVSS3: 6.1

github

больше 3 лет назад

phpMyAdmin Cross-site Scripting (XSS) vulnerability

openSUSE-SU-2018:4125-1

suse-cvrf

около 7 лет назад

Security update for phpMyAdmin

openSUSE-SU-2018:4124-1

suse-cvrf

около 7 лет назад

Security update for phpMyAdmin