CVE-2019-6799

Опубликовано: 26 янв. 2019

Источник: nvd

CVSS3: 5.9

CVSS2: 4.3

EPSS Средний

Описание

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.

Ссылки

http://www.securityfocus.com/bid/106736
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html
Mailing List
Third Party Advisory
https://www.phpmyadmin.net/security/PMASA-2019-1/
Mitigation
Patch
Vendor Advisory
http://www.securityfocus.com/bid/106736
Third Party Advisory
VDB Entry
https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html
Mailing List
Third Party Advisory
https://www.phpmyadmin.net/security/PMASA-2019-1/
Mitigation
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.8.4 (включая)

Конфигурация 2

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 99%

0.68816

Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-6799

CVSS3: 5.9

ubuntu

больше 6 лет назад

CVE-2019-6799

CVSS3: 5.9

debian

больше 6 лет назад

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbi ...

GHSA-c8wj-q36q-3wg4

CVSS3: 5.9

github

около 3 лет назад

phpMyAdmin Arbitrary file read vulnerability

openSUSE-SU-2019:0194-1

suse-cvrf

больше 6 лет назад

Security update for phpMyAdmin

EPSS

Процентиль: 99%

0.68816

Средний

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

NVD-CWE-noinfo