2018-01-30
ALT-BU-2018-3033-1
Branch p8 update bulletin.
Package phpMyAdmin updated to version 4.7.7-alt0.M80P.1 for branch p8 in task 198597.
Closed vulnerabilities
Published: 2018-01-03
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-1000499
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
- http://cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
- 1040163
- 1040163
- 45284
- 45284
- https://www.phpmyadmin.net/security/PMASA-2017-9/
- https://www.phpmyadmin.net/security/PMASA-2017-9/
Published: 2018-12-11
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-19969
phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
Severity: HIGH (8.8)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
Closed bugs
Проблема с полем выбора получателей в SOGo