phpMyAdmin has released version 4.8.4 and multiple patches to address XSS and XSRF/CSRF vulnerabilities, as well as a local file inclusion vulnerability in the transformation feature. An attacker could exploit these vulnerabilities to deliver a payload to a user through a specially crafted database/table name; to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.; or to leak the contents of a local file.
· phpMyAdmin versions from at least 4.0 through 4.8.3 - XSS and local file inclusion through transformation feature vulnerabilities;
· phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 - XSRF/CSRF vulnerabilities.
CERT Bulgaria encourages users and administrators to review the phpMyAdmin announcements PMASA-2018-6, PMASA-2018-7, and PMASA-2018-8, and to either upgrade to phpMyAdmin 4.8.4 or newer or apply the recommended patches.