CVE-2018-19970

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-19970

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-19970.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-19970

Aliases

GHSA-8987-93fh-rcwq

Related

Published

2018-12-11T17:29:00Z

Modified

2024-10-12T03:31:15.961414Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

References

Affected packages

Debian:11 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:4.9.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:4.9.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:4.9.1+dfsg1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type: GIT
Repo: https://github.com/phpmyadmin/phpmyadmin
Events: Introduced

6da64cc3b2ba4439574f914f51e161645375be96

Fixed

56ba19808f020fa8ac63366d450c3928564a91b8

Affected versions

Other

RELEASE_4_0_0

RELEASE_4_0_1RC1

RELEASE_4_0_2

RELEASE_4_0_2RC1

RELEASE_4_0_3

RELEASE_4_0_3RC1

RELEASE_4_0_4

RELEASE_4_0_4RC1

RELEASE_4_0_4_1

RELEASE_4_0_4_2

RELEASE_4_0_5RC1

RELEASE_4_0_6

RELEASE_4_0_6RC1

RELEASE_4_0_6RC2

RELEASE_4_1_0ALPHA1

RELEASE_4_1_0ALPHA2

RELEASE_4_1_0BETA1

RELEASE_4_1_0BETA2

RELEASE_4_1_0RC1

RELEASE_4_1_0RC2

RELEASE_4_1_0RC3

RELEASE_4_2_0

RELEASE_4_2_0ALPHA1

RELEASE_4_2_0ALPHA2

RELEASE_4_2_0BETA1

RELEASE_4_2_0RC1

RELEASE_4_2_10

RELEASE_4_2_10_1

RELEASE_4_2_11

RELEASE_4_2_12

RELEASE_4_2_13

RELEASE_4_2_13_1

RELEASE_4_2_7

RELEASE_4_2_7_1

RELEASE_4_2_8

RELEASE_4_2_8_1

RELEASE_4_2_9

RELEASE_4_2_9_1

RELEASE_4_3_0

RELEASE_4_3_0ALPHA1

RELEASE_4_3_0BETA1

RELEASE_4_3_0RC1

RELEASE_4_3_0RC2

RELEASE_4_3_1

RELEASE_4_3_10

RELEASE_4_3_11

RELEASE_4_3_11_1

RELEASE_4_3_12

RELEASE_4_3_13

RELEASE_4_3_2

RELEASE_4_3_3

RELEASE_4_3_4

RELEASE_4_3_5

RELEASE_4_3_6

RELEASE_4_3_7

RELEASE_4_3_8

RELEASE_4_3_9

RELEASE_4_4_0

RELEASE_4_4_0ALPHA1

RELEASE_4_4_1

RELEASE_4_4_10

RELEASE_4_4_11

RELEASE_4_4_12

RELEASE_4_4_13

RELEASE_4_4_13_1

RELEASE_4_4_14

RELEASE_4_4_14_1

RELEASE_4_4_15

RELEASE_4_4_15_1

RELEASE_4_4_15_2

RELEASE_4_4_1_1

RELEASE_4_4_2

RELEASE_4_4_3

RELEASE_4_4_4

RELEASE_4_4_5

RELEASE_4_4_6

RELEASE_4_4_6_1

RELEASE_4_4_7

RELEASE_4_4_8

RELEASE_4_4_9

RELEASE_4_5_0

RELEASE_4_5_0RC1

RELEASE_4_5_0_1

RELEASE_4_5_0_2

RELEASE_4_5_1

RELEASE_4_5_2

RELEASE_4_5_3

RELEASE_4_5_3_1

RELEASE_4_5_4

RELEASE_4_5_4_1

RELEASE_4_5_5

RELEASE_4_5_5_1

RELEASE_4_6_0

RELEASE_4_6_0ALPHA1

RELEASE_4_6_0RC1

RELEASE_4_6_0RC2

RELEASE_4_6_1

RELEASE_4_6_2

RELEASE_4_6_3

RELEASE_4_6_4

RELEASE_4_6_5

RELEASE_4_6_5_1

RELEASE_4_6_5_2

RELEASE_4_6_6

RELEASE_4_7_0

RELEASE_4_7_0BETA1

RELEASE_4_7_0RC1

RELEASE_4_7_1

RELEASE_4_7_2

RELEASE_4_7_3

RELEASE_4_7_4

RELEASE_4_7_5

RELEASE_4_7_6

RELEASE_4_7_7

RELEASE_4_7_8

RELEASE_4_7_9

RELEASE_4_8_0

RELEASE_4_8_0ALPHA1

RELEASE_4_8_0RC1

RELEASE_4_8_0_1

RELEASE_4_8_1

RELEASE_4_8_2

RELEASE_4_8_3