vulnerability
phpMyAdmin: Improper Neutralization of Input During Web Page Generation (CVE-2018-19970)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Dec 11, 2018 | Oct 16, 2019 | May 21, 2026 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Dec 11, 2018
Added
Oct 16, 2019
Modified
May 21, 2026
Description
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2018-19970
- https://attackerkb.com/topics/CVE-2018-19970
- http://www.securityfocus.com/bid/106181
- https://lists.debian.org/debian-lts-announce/2019/02/msg00003.html
- https://security.gentoo.org/glsa/201904-16
- https://www.phpmyadmin.net/security/PMASA-2018-8/
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-3153
- CWE-79
- EUVD-EUVD-2022-3153
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.