First published: Fri Aug 24 2018(Updated: )
An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that file through the import feature.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
phpMyAdmin phpMyAdmin | <4.8.3 | |
composer/phpmyadmin/phpmyadmin | <4.8.3 | 4.8.3 |
<4.8.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this issue is CVE-2018-15605.
The severity of CVE-2018-15605 is medium, with a CVSS score of 6.1.
The affected software is phpMyAdmin versions up to and exclusive of 4.8.3.
The vulnerability in phpMyAdmin allows an attacker to use a crafted file to manipulate an authenticated user through the import feature, leading to a Cross-Site Scripting (XSS) attack.
Yes, the fix for CVE-2018-15605 is included in phpMyAdmin version 4.8.3 and later.