Memory leak in phpMyAdmin - CVE-2018-19968
Published: December 12, 2018
Vulnerability identifier: #VU16498
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-19968
CWE-ID: CWE-401
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: phpMyAdmin
Affected software:
phpMyAdmin
phpMyAdmin
Detailed vulnerability description
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to memory leak. A remote attacker with valid credentials can log in to phpMyAdmin, gain access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access to leak the contents of a local file.
The weakness exists due to memory leak. A remote attacker with valid credentials can log in to phpMyAdmin, gain access to the phpMyAdmin Configuration Storage tables, although these can easily be created in any database to which the attacker has access to leak the contents of a local file.
How to mitigate CVE-2018-19968
Update to version 4.8.4.