FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution

Affected packages
4.8.0 <= phpmyadmin < 4.8.0.1

Details

VuXML ID ac7da39b-4405-11e8-afbe-6805ca0b3d42
Discovery 2018-04-17
Entry 2018-04-19

The phpMyAdmin development team reports:

Summary

CSRF vulnerability allowing arbitrary SQL execution

Description

By deceiving a user into clicking on a crafted URL, it is possible for an attacker to execute arbitrary SQL commands.

Severity

We consider this vulnerability to be critical.

References

URL https://www.phpmyadmin.net/security/PMASA-2018-2/