phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.

References

• https://nvd.nist.gov/vuln/detail/CVE-2018-10188
• http://www.securityfocus.com/bid/103936
• http://www.securitytracker.com/id/1040752
• phpmyadmin/phpmyadmin@c6dd6b5
• https://www.exploit-db.com/exploits/44496
• https://www.phpmyadmin.net/security/PMASA-2018-2