VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-u2js-dkmt-h3fc

Essentials
Severities (41)
References (15)
Severity details (17)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-u2js-dkmt-h3fc
Aliases	CVE-2018-10188 GHSA-v6fp-h79x-9rqc
Summary	phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
Status	Published
Exploitability	2.0
Weighted Severity	8.0
Risk	10.0
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-352	Cross-Site Request Forgery (CSRF)
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
epss	0.0079	https://api.first.org/data/v1/epss?cve=CVE-2018-10188
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-v6fp-h79x-9rqc
cvssv3.1	8.8	https://github.com/phpmyadmin/composer
generic_textual	HIGH	https://github.com/phpmyadmin/composer
cvssv3.1	8.8	https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
generic_textual	HIGH	https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
cvssv2	6.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10188
cvssv3	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10188
cvssv3.1	8.8	https://nvd.nist.gov/vuln/detail/CVE-2018-10188
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2018-10188
cvssv3.1	8.8	https://www.exploit-db.com/exploits/44496
generic_textual	HIGH	https://www.exploit-db.com/exploits/44496
cvssv3.1	8.8	https://www.phpmyadmin.net/security/PMASA-2018-2
generic_textual	HIGH	https://www.phpmyadmin.net/security/PMASA-2018-2
cvssv3.1	8.8	http://www.securityfocus.com/bid/103936
generic_textual	HIGH	http://www.securityfocus.com/bid/103936
cvssv3.1	8.8	http://www.securitytracker.com/id/1040752
generic_textual	HIGH	http://www.securitytracker.com/id/1040752

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2018-10188
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10188
		https://github.com/phpmyadmin/composer
		https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
		https://nvd.nist.gov/vuln/detail/CVE-2018-10188
		https://www.exploit-db.com/exploits/44496
		https://www.exploit-db.com/exploits/44496/
		https://www.phpmyadmin.net/security/PMASA-2018-2
		https://www.phpmyadmin.net/security/PMASA-2018-2/
		http://www.securityfocus.com/bid/103936
		http://www.securitytracker.com/id/1040752
896490		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=896490
cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:4.8.0:::::::*
CVE-2018-10188	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/44496.html
GHSA-v6fp-h79x-9rqc		https://github.com/advisories/GHSA-v6fp-h79x-9rqc

Data source	Exploit-DB
Date added	April 23, 2018
Description	phpMyAdmin 4.8.0 < 4.8.0-1 - Cross-Site Request Forgery
Ransomware campaign use	Unknown
Source publication date	April 23, 2018
Exploit type	webapps
Platform	php
Source update date	April 23, 2018

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/composer

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10188

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10188

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2018-10188

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.exploit-db.com/exploits/44496

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at https://www.phpmyadmin.net/security/PMASA-2018-2

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securityfocus.com/bid/103936

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Found at http://www.securitytracker.com/id/1040752

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.72936
EPSS Score	0.0079
Published At	July 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:32:29.620395+00:00	Alpine Linux Importer	Import	https://secdb.alpinelinux.org/edge/community.json	37.0.0