Situation
Three vulnerabilities were discovered in phpMyAdmin:
Affected versions
- CVE-2018-19968.
  phpMyAdmin versions from at least 4.0 through 4.8.3 are affected.
  phpMyAdmin on Plesk for Windows is not affected by this vulnerability.
- CVE-2018-19969.
  phpMyAdmin versions 4.7.0 through 4.7.6 and 4.8.0 through 4.8.3 are affected.
- CVE-2018-19970.
  phpMyAdmin versions from at least 4.0 through 4.8.3 are affected.
All phpMyAdmin versions shipped with Plesk are older than 4.8.4, so all of them are affected:
- Plesk Onyx 17.8.11 – 4.8.3.
- Plesk Onyx 17.5.3 – 4.6.6.
- Plesk Onyx 17.0.17 – 4.6.6.
- Plesk 12.5.30 – 4.6.6.
- Plesk 12.0.18 – 4.5.1.
Mitigation
phpMyAdmin shipped with Plesk was updated to version 4.8.4 in the following updates:
- 17 December 2018 – Plesk Onyx 17.8.11 Update 35.
- 17 December 2018 – Plesk Onyx 17.5.3 Update 64.
- 26 December 2018 – Plesk Onyx 17.0.17 Update 62.
- 19 December 2018 – Plesk 12.5.30 Update 79.
- 26 December 2018 – Plesk 12.0.18 Update 104 for Linux and for Windows.
Warning: this phpMyAdmin version cannot execute stored procedures.
To install the latest Plesk updates, follow the instructions in the article "How to install Plesk updates".