Allele Security Alert
ASA-2018-00073, CVE-2018-19970, PMASA-2018-8
Missing input validation in navigation tree
The phpMyAdmin Project
phpMyAdmin versions from at least 4.0 through 4.8.3 are affected
Proof of concept
A missing input validation vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a specially-crafted database/table name. This can lead to cross-site scripting attacks.
YU-HSIANG HUANG , YUNG-HAO TSENG, and Eddie TC CHANG
Security fix: phpMyAdmin 4.8.4 is released
phpMyAdmin – Security – PMASA-2018-8
Fix phpmyadmin/phpmyadmin-security#260 Stored Cross-Site Scripting (XSS) in navigation tree
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: March 11, 2019