https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/ The security fixes involve: Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/), XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/) - PMASA-2018-6 (CVE-2018-19968, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-6/ Local file inclusion through transformation feature - PMASA-2018-7 (CVE-2018-19969, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-7/ XSRF/CSRF vulnerability in phpMyAdmin - PMASA-2018-8 (CVE-2018-19970, CWE-661) https://www.phpmyadmin.net/security/PMASA-2018-8/ XSS vulnerability in navigation tree
Created phpMyAdmin tracking bugs for this issue: Affects: epel-all [bug 1658992]
Adding one CVE : CVE-2018-12613 -PMASA-2018-4, CWE-661 File inclusion and remote code execution attack https://www.phpmyadmin.net/security/PMASA-2018-4/