An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-12-11T17:00:00
Updated: 2024-08-05T11:51:17.786Z
Reserved: 2018-12-07T00:00:00
Link: CVE-2018-19968
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-12-11T17:29:00.227
Modified: 2019-04-23T12:36:17.260
Link: CVE-2018-19968
Redhat
No data.