| VID |
22879 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.7.6 or earlier version. It is, therefore, affected by multiple cross-site request forgery (XSRF) vulnerabilities. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page, allowing the attacker to disclose sensitive information, impersonate the user's identity, or inject malicious content into the victim's web browser.
* References :
https://www.phpmyadmin.net/security/PMASA-2018-7/
* Platforms Affected:
phpMyAdmin 4.7.6 or earlier
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpMyAdmin (4.8.4 or later), available from the phpMyAdmin Download Web page at https://www.phpmyadmin.net/downloads/ |
| Related URL |
CVE-2018-19969 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
