A CSRF vulnerability was found in phpMyAdmin before 4.7.7. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.

Upstream patch:
https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b
https://github.com/phpmyadmin/phpmyadmin/commit/72f109a99c82b14c07dcb19946ba9b76efc32a1b

References:
https://www.phpmyadmin.net/security/PMASA-2017-9/
Created phpMyAdmin tracking bugs for this issue:

Affects: epel-all [bug 1529162]
Affects: fedora-all [bug 1529161]
Affects: openshift-1 [bug 1529163]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.