CVE-2018-7260: phpMyAdmin Cross Site Scripting Vulnerability

by do son · February 22, 2018

CVE-2018-10188 CSRF vulnerability phpMyAdmin

On February 20, phpMyAdmin v4.7.8 was released to address Cross-Site Scripting vulnerability that effect to versions 4.7.x (prior to 4.7.8). Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. This flaw was found by Mayur Udiniya security researcher.

CVE ID

CVE-2018-7260

Affected VersionsVersions 4.7.x (prior to 4.7.8) are affected.

Solution

Upgrade to phpMyAdmin 4.7.8 or newer or apply this patch.

Download phpMyAdmin 4.7.8

CVE-2018-7260: phpMyAdmin Cross Site Scripting Vulnerability

Search

Brilliantly

Content & Links