Announcement-ID: PMASA-2018-2
Date: 2018-04-17
CSRF vulnerability allowing arbitrary SQL execution
By deceiving a user into clicking on a crafted URL, an attacker can execute arbitrary SQL commands.
We consider this vulnerability to be critical.
Version 4.8.0 is affected.
Upgrade to phpMyAdmin 4.8.0-1 or newer, or apply the patch listed below.
Assigned CVE ids: CVE-2018-10188
CWE ids: CWE-661
The following commits have been made on the 4.8 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.