[3.8] phpmyadmin: CSRF vulnerability allowing arbitrary SQL execution (CVE-2018-10188)
By deceiving a user to click on a crafted URL, it is possible for an
attacker
to execute arbitrary SQL commands.
Affected Versions:
Version 4.8.0 is affected
Reference:
https://www.phpmyadmin.net/security/PMASA-2018-2/
Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
(from redmine: issue id 8847, created on 2018-04-26, closed on 2018-06-12)
- Changesets:
- Revision 0e6a7a8f on 2018-06-11T12:23:48Z:
community/phpmyadmin: security fix (CVE-2018-10188)
Fixes #8847