CVE-2018-19968

Published: Dic 11, 2018 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-5764 Aliases: GHSA-xc97-r49q-cxgc
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
MEDIUM 4,0
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: single
Confidentiality: partial
Integrity: none
Availability: none

Description

AI Translation Available

An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0254
Percentile
0,9th
Updated

EPSS Score Trend (Last 91 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 8.0
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Phpmyadmin by Phpmyadmin

Product Information
Vendor Phpmyadmin
Product Phpmyadmin
Version Range Affected
From 4.0.0 (inclusive)
To 4.8.4 (exclusive)
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://lists.debian.org/debian-lts-announce/2019/02/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
https://security.gentoo.org/glsa/201904-16
Third Party Advisory
https://security.gentoo.org/glsa/201904-16
https://www.phpmyadmin.net/security/PMASA-2018-6/
Patch Vendor Advisory
https://www.phpmyadmin.net/security/PMASA-2018-6/
http://www.securityfocus.com/bid/106178
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/106178
https://lists.debian.org/debian-lts-announce/2019/02/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
https://security.gentoo.org/glsa/201904-16
Third Party Advisory
https://security.gentoo.org/glsa/201904-16
https://www.phpmyadmin.net/security/PMASA-2018-6/
Patch Vendor Advisory
https://www.phpmyadmin.net/security/PMASA-2018-6/
http://www.securityfocus.com/bid/106178
Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/106178