Moderate severityNVD Advisory· Published Dec 11, 2018· Updated Aug 5, 2024
CVE-2018-19968
CVE-2018-19968
Description
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | < 4.8.4 | 4.8.4 |
Affected products
2- ghsa-coords2 versions
< 4.8.4+ 1 more
- (no CPE)range: < 4.8.4
- (no CPE)range: < 5.1.1-1.2
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-xc97-r49q-cxgcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-19968ghsaADVISORY
- security.gentoo.org/glsa/201904-16ghsavendor-advisoryx_refsource_GENTOOWEB
- www.securityfocus.com/bid/106178ghsavdb-entryx_refsource_BIDWEB
- github.com/phpmyadmin/phpmyadmin/commit/6a1ba61e29002f0305a9322a8af4eaaeb11c0732ghsaWEB
- lists.debian.org/debian-lts-announce/2019/02/msg00003.htmlghsamailing-listx_refsource_MLISTWEB
- www.phpmyadmin.net/security/PMASA-2018-6ghsaWEB
- www.phpmyadmin.net/security/PMASA-2018-6/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.