Bangtrongtuyet / phpmyAdmin

GNU General Public License v2.0

CVE-2018-19969 (High) detected in phpmyadmin-RELEASE_4_4_15_10 - autoclosed #3

Closed mend-bolt-for-github[bot] closed 2 years ago

mend-bolt-for-github[bot] commented 5 years ago

CVE-2018-19969 - High Severity Vulnerability

Vulnerable Library - phpmyadminRELEASE_4_4_15_10

A web interface for MySQL and MariaDB

Library home page: https://github.com/phpmyadmin/phpmyadmin.git

Found in HEAD commit: fbd634d4c1d668e77ad15cdb38c4a85db5c75002

Library Source Files (48)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

- /phpmyAdmin/js/ajax.js
- /phpmyAdmin/js/navigation.js
- /phpmyAdmin/setup/scripts.js
- /phpmyAdmin/js/db_qbe.js
- /phpmyAdmin/js/gis_data_editor.js
- /phpmyAdmin/js/rte.js
- /phpmyAdmin/js/tbl_gis_visualization.js
- /phpmyAdmin/js/common.js
- /phpmyAdmin/js/tbl_relation.js
- /phpmyAdmin/js/codemirror/lib/codemirror.js
- /phpmyAdmin/js/codemirror/addon/hint/sql-hint.js
- /phpmyAdmin/js/tbl_tracking.js
- /phpmyAdmin/js/pmd/history.js
- /phpmyAdmin/js/tbl_change.js
- /phpmyAdmin/js/indexes.js
- /phpmyAdmin/js/functions.js
- /phpmyAdmin/js/makegrid.js
- /phpmyAdmin/js/server_status_processes.js
- /phpmyAdmin/js/tbl_operations.js
- /phpmyAdmin/js/server_status_variables.js
- /phpmyAdmin/js/server_privileges.js
- /phpmyAdmin/js/tbl_structure.js
- /phpmyAdmin/js/pmd/designer_page.js
- /phpmyAdmin/js/tbl_chart.js
- /phpmyAdmin/js/db_structure.js
- /phpmyAdmin/js/db_tracking.js
- /phpmyAdmin/js/db_central_columns.js
- /phpmyAdmin/js/transformations/sql_editor.js
- /phpmyAdmin/js/normalization.js
- /phpmyAdmin/doc/conf.py
- /phpmyAdmin/js/server_plugins.js
- /phpmyAdmin/js/error_report.js
- /phpmyAdmin/js/replication.js
- /phpmyAdmin/js/sql.js
- /phpmyAdmin/js/import.js
- /phpmyAdmin/js/server_databases.js
- /phpmyAdmin/js/console.js
- /phpmyAdmin/js/server_status_sorter.js
- /phpmyAdmin/js/tbl_select.js
- /phpmyAdmin/js/export.js
- /phpmyAdmin/js/pmd/move.js
- /phpmyAdmin/js/tbl_zoom_plot_jqplot.js
- /phpmyAdmin/js/menu-resizer.js
- /phpmyAdmin/js/pmd/init.js
- /phpmyAdmin/js/config.js
- /phpmyAdmin/js/server_status_monitor.js
- /phpmyAdmin/js/server_variables.js
- /phpmyAdmin/js/pmd/iecanvas.js

Vulnerability Details

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.

Publish Date: 2018-12-11

URL: CVE-2018-19969

CVSS 3 Score Details (8.8)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: Required
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: High
  - Integrity Impact: High
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://www.phpmyadmin.net/security/PMASA-2018-7/

Release Date: 2018-12-11

Fix Resolution: 7.0.8-35



mend-bolt-for-github[bot] commented 2 years ago

✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.