Description
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
References
- Mailing List, Third Party Advisory
- Exploit, Third Party Advisory
- Mailing List, Third Party Advisory
- Patch, Vendor Advisory
Vulnerable configurations
Configuration 1
Version from 4.0.0 (inclusive) up to 4.9.4 (exclusive)
Version from 5.0.0 (inclusive) up to 5.0.1 (exclusive)
One of
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:suse:suse_linux_enterprise_server:12:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
EPSS
Percentile: 95%
0.19756
Medium
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-89
Related vulnerabilities
CVSS3: 8.8
ubuntu
more than 5 years ago
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
CVSS3: 8.8
debian
more than 5 years ago
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists ...