CVE-2018-19968 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-19968 Interim 1 19 2025-02-17T02:31:16Z current 2021-05-30T14:19:15Z 2025-02-17T02:31:16Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-19968 An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XUJQLDV2OL2BBH67BL7KLB57EJHEJBYX/#XUJQLDV2OL2BBH67BL7KLB57EJHEJBYX E-Mail link for openSUSE-SU-2018:4124-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HL7XBV743WNCZJN3JXGNI6YFYMDO2M7F/#HL7XBV743WNCZJN3JXGNI6YFYMDO2M7F E-Mail link for openSUSE-SU-2018:4125-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 openSUSE Leap 15.0 openSUSE Tumbleweed phpMyAdmin-4.8.4-32.1 phpMyAdmin-4.8.4-bp150.3.6.1 phpMyAdmin-4.8.4-lp150.2.12.1 phpMyAdmin-5.1.1-1.2 phpMyAdmin-apache-5.1.1-1.2 phpMyAdmin-lang-5.1.1-1.2 phpMyAdmin-4.8.4-32.1 as a component of SUSE Package Hub 12 phpMyAdmin-4.8.4-bp150.3.6.1 as a component of SUSE Package Hub 15 phpMyAdmin-4.8.4-lp150.2.12.1 as a component of openSUSE Leap 15.0 phpMyAdmin-5.1.1-1.2 as a component of openSUSE Tumbleweed phpMyAdmin-apache-5.1.1-1.2 as a component of openSUSE Tumbleweed phpMyAdmin-lang-5.1.1-1.2 as a component of openSUSE Tumbleweed An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker must have access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access. An attacker must have valid credentials to log in to phpMyAdmin; this vulnerability does not allow an attacker to circumvent the login system. CVE-2018-19968 SUSE Package Hub 12:phpMyAdmin-4.8.4-32.1 SUSE Package Hub 15:phpMyAdmin-4.8.4-bp150.3.6.1 openSUSE Leap 15.0:phpMyAdmin-4.8.4-lp150.2.12.1 openSUSE Tumbleweed:phpMyAdmin-5.1.1-1.2 openSUSE Tumbleweed:phpMyAdmin-apache-5.1.1-1.2 openSUSE Tumbleweed:phpMyAdmin-lang-5.1.1-1.2 moderate 4 AV:N/AC:L/Au:S/C:P/I:N/A:N 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N