Lucene search

[email protected]NVD:CVE-2019-19617

HistoryDec 06, 2019 - 3:15 a.m.

CVE-2019-19617

2019-12-0603:15:10

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

Affected configurations

Nvd

Node

phpmyadminphpmyadminRange<4.9.2

Node

debiandebian_linuxMatch8.0

debiandebian_linuxMatch9.0

References

github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc9

github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_2

lists.debian.org/debian-lts-announce/2019/12/msg00006.html

lists.debian.org/debian-lts-announce/2020/10/msg00024.html

www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released/

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.002

Percentile

56.6%

JSON

Related for NVD:CVE-2019-19617

ubuntucve1 osv6 debian2 cvelist1 veracode2 debiancve1 symantec1 github1 cve1 openvas6 prion1 alpinelinux1 nessus4 ubuntu2