phpMyAdmin Releases Security Updates – 13.12.2018

phpMyAdmin has released version 4.8.4 and multiple patches to address XSS and XSRF/CSRF vulnerabilities and local file inclusion through the transformation feature. An attacker could exploit these vulnerabilities to deliver a payload to a user through a specially crafted database/table name; to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.; or to leak the contents of a local file.

Affected Versions
· phpMyAdmin versions from at least 4.0 through 4.8.3 - XSS and local file inclusion through transformation feature vulnerabilities;
· phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 - XSRF/CSRF vulnerabilities.

CERT Bulgaria encourages users and administrators to review the phpMyAdmin Announcements PMASA-2018-6, PMASA-2018-7, and PMASA-2018-8 and to upgrade to phpMyAdmin 4.8.4 or newer or apply the recommended patches.
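
To triage an inventory of installations against the affected ranges listed above, a version check along these lines can be used. This is an added example, not code from CERT Bulgaria or the phpMyAdmin project; the hostnames and installed versions are constructed, and comparing only major.minor.patch is an assumption.

```python
import re

# Inclusive version ranges exactly as listed under "Affected Versions" above.
AFFECTED = {
    "XSS": [((4, 0, 0), (4, 8, 3))],
    "local file inclusion (transformation feature)": [((4, 0, 0), (4, 8, 3))],
    "XSRF/CSRF": [((4, 7, 0), (4, 7, 6)), ((4, 8, 0), (4, 8, 3))],
}


def parse_version(text):
    """'4.8.0.1' -> (4, 8, 0); '4.7' -> (4, 7, 0).

    Assumption: only major.minor.patch is compared; a fourth component or a
    suffix such as '-rc1' is ignored.
    """
    match = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"not a version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return (parts + (0, 0))[:3]


def triage(version_text):
    """Return (status, [issue classes]) for one installed version."""
    version = parse_version(version_text)
    if version < (4, 0, 0):
        # The advisory says "from at least 4.0": older releases are not
        # confirmed either way, so they are flagged for manual review.
        return "unconfirmed", []
    hits = [issue for issue, ranges in AFFECTED.items()
            if any(low <= version <= high for low, high in ranges)]
    return ("affected" if hits else "not listed"), hits


def triage_inventory(lines):
    """Map 'host version' lines to {host: (status, issues)}."""
    report = {}
    for line in lines:
        host, version = line.split()
        report[host] = triage(version)
    return report


# Constructed inventory: hostnames and installed versions are made up.
SAMPLE_INVENTORY = ["db-admin-01 4.8.3", "db-admin-02 4.7.9",
                    "legacy-pma 3.5.8", "db-admin-03 4.8.4"]

if __name__ == "__main__":
    for host, (status, issues) in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status:12} {', '.join(issues) or '-'}")
```

Versions between 4.7.6 and 4.8.0 fall inside the XSS and local file inclusion range but outside the XSRF/CSRF range, which is why the ranges are kept per issue class rather than merged.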