Base Score

HIGH8.8

CVE-2018-19969

phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.

VectorNETWORK

Published Bycve@mitre.org

Published DateDec 11, 2018, 17:29

Affected Versions(2)

phpmyadmin/phpmyadmin(Packagist)

Introduced4.8

Fixed4.8.4

LimitN/A

phpmyadmin/phpmyadmin(Packagist)

Introduced4.7

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
phpmyadmin/phpmyadmin(Packagist)	4.8	4.8.4	N/A
phpmyadmin/phpmyadmin(Packagist)	4.7	N/A	N/A

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

Base Score

HIGH8.8

Weakness Type (CWE):CWE-352

CVSS Metrics

Base Score

8.8

Vector String

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Severity

HIGH

Version

3.0

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

REQUIRED

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH