
====================================================================


                             CERT-Renater

                 Information Note No. 2018/VULN165
_____________________________________________________________________

DATE                : 20/04/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpmyadmin versions 4.8 prior to
                                      4.8.0.1.

=====================================================================
https://www.phpmyadmin.net/security/PMASA-2018-2/
_____________________________________________________________________

phpmyadmin -- CSRF vulnerability allowing arbitrary SQL execution

Affected packages
4.8.0 <= phpmyadmin < 4.8.0.1

Details

VuXML ID  ac7da39b-4405-11e8-afbe-6805ca0b3d42
Discovery 2018-04-17
Entry     2018-04-19

The phpMyAdmin development team reports:

    Summary

    CSRF vulnerability allowing arbitrary SQL execution

    Description

    By deceiving a user to click on a crafted URL, it is possible for an
    attacker to execute arbitrary SQL commands.

    Severity

    We consider this vulnerability to be critical.

References

URL https://www.phpmyadmin.net/security/PMASA-2018-2/

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================




