Описание
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| phpmyadmin | fixed | 4:4.9.2+dfsg1-1 | package | |
| phpmyadmin | not-affected | stretch | package | |
| phpmyadmin | not-affected | jessie | package |
Примечания
https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111
https://gist.github.com/ibennetch/4ba7d2fac6f384a5039d697a110e0912
https://www.phpmyadmin.net/security/PMASA-2019-5/
EPSS
Процентиль: 77%
0.0107
Низкий
Связанные уязвимости
CVSS3: 9.8
ubuntu
больше 5 лет назад
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
CVSS3: 9.8
nvd
больше 5 лет назад
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
EPSS
Процентиль: 77%
0.0107
Низкий