phpMyAdmin 4.7.x and 4.8.x versions prior to 4.8.4 are affected by a series of CSRF flaws. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.
{
"source": "CPE_RANGE",
"cpe": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "4.7.0"
},
{
"last_affected": "4.7.6"
},
{
"introduced": "4.8.0"
},
{
"fixed": "4.8.4"
}
]
}