CVE-2019-6798

Опубликовано: 26 янв. 2019

Источник: debian

Описание

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
phpmyadmin	fixed	4:4.9.1+dfsg1-2		package
phpmyadmin	fixed	4:4.6.6-4+deb9u1	stretch	package
phpmyadmin	not-affected		jessie	package

Примечания

https://www.phpmyadmin.net/security/PMASA-2019-2/
https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb78670590f7511399435

Связанные уязвимости

CVE-2019-6798

CVSS3: 9.8

ubuntu

около 7 лет назад

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

CVE-2019-6798

CVSS3: 9.8

nvd

около 7 лет назад

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

GHSA-f732-fxh6-g4qj

CVSS3: 9.8

github

больше 3 лет назад

phpMyAdmin SQL injection in Designer feature

openSUSE-SU-2019:0194-1

suse-cvrf

почти 7 лет назад

Security update for phpMyAdmin