High severity8.8NVD Advisory· Published Apr 19, 2018· Updated Jun 17, 2026
CVE-2018-10188
CVE-2018-10188
Description
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.8, < 4.8.0.1 | 4.8.0.1 |
Affected products
3- ghsa-coords3 versionspkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012
>= 4.8, < 4.8.0.1+ 2 more
- (no CPE)range: >= 4.8, < 4.8.0.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.8.0.1-20.1
Patches
Vulnerability mechanics
References
9- www.exploit-db.com/exploits/44496/nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/103936nvdThird Party AdvisoryVDB EntryWEB
- www.securitytracker.com/id/1040752nvdThird Party AdvisoryVDB EntryWEB
- github.com/advisories/GHSA-v6fp-h79x-9rqcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-10188ghsaADVISORY
- www.phpmyadmin.net/security/PMASA-2018-2/nvdVendor Advisory
- github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641ghsaWEB
- www.exploit-db.com/exploits/44496ghsaWEB
- www.phpmyadmin.net/security/PMASA-2018-2ghsaWEB
News mentions
0No linked articles in our index yet.