Arbitrary Code Execution Affecting phpmyadmin/phpmyadmin package, versions >=4.8.0, <4.8.2


0.0
high

Snyk CVSS

    Attack Complexity Low
    Confidentiality High
    Integrity High
    Availability High

    Threat Intelligence

    Exploit Maturity Mature
    EPSS 97.41% (100th percentile)
Expand this section
NVD
8.8 high

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-PHPMYADMINPHPMYADMIN-72215
  • published 28 Jun 2018
  • disclosed 19 Jun 2018
  • credit Huang Henry

How to fix?

Upgrade phpmyadmin/phpmyadmin to version 4.8.2 or higher.

Overview

phpmyadmin/phpmyadmin is a MySQL web administration tool.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker could view and potentially execute files on the server due to a portion of code where pages are redirected and loaded within phpMyAdmin, and an improper test for whitelisted pages.