CVE-2018-19970

Published: 11 December 2018

In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.

From the Ubuntu security team

It was discovered that phpMyAdmin incorrectly handled user input. An attacker could possibly use this for an XSS attack.

Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
phpmyadmin
Launchpad, Ubuntu, Debian
Upstream
Released (4.8.4, 4:4.9.1+dfsg1-2)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(4:4.9.2+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla) Not vulnerable
(4:4.9.2+dfsg1-1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(4:4.9.2+dfsg1-1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (4:4.6.6-5ubuntu0.5)
Ubuntu 16.04 LTS (Xenial Xerus) Needed

Ubuntu 14.04 ESM (Trusty Tahr) Needed