phpMyAdmin CVE-2018-7260 Cross Site Scripting Vulnerability

phpMyAdmin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
phpMyAdmin 4.7.x prior to 4.7.8 are vulnerable.

Information

Bugtraq ID: 103099
Class: Input Validation Error
CVE: CVE-2018-7260

Remote: Yes
Local: No
Published: Feb 20 2018 12:00AM
Updated: Feb 20 2018 12:00AM
Credit: Mayur Udiniya
Vulnerable: phpMyAdmin phpMyAdmin 4.7.7
phpMyAdmin phpMyAdmin 4.7.6
phpMyAdmin phpMyAdmin 4.7.5
phpMyAdmin phpMyAdmin 4.7.4
phpMyAdmin phpMyAdmin 4.7.3
phpMyAdmin phpMyAdmin 4.7.2
phpMyAdmin phpMyAdmin 4.7.1
phpMyAdmin phpMyAdmin 4.7
phpMyAdmin phpMyAdmin 4.4.7

Not Vulnerable: phpMyAdmin phpMyAdmin 4.7.8

Exploit

Attackers can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

References:

Fix XSS vulnerability in central columns feature (phpMyAdmin)
phpMyAdmin Homepage (phpMyAdmin)
PMASA-2018-1: Self XSS in central columns feature (phpMyAdmin)

Source: www.securityfocus.com

Exploit Collector

Search Exploit