USN-4639-1: phpMyAdmin vulnerabilities

It was discovered that there was a bug in the way phpMyAdmin handles the phpMyAdmin Configuration Storage tables. An authenticated attacker could use this vulnerability to cause phpmyAdmin to leak sensitive files. CVE-2018-19968 It was discovered that phpMyAdmin incorrectly handled user input. An...

phpMyAdmin 4.0 < 4.8.5 Multiple Vulnerabilities (PMASA-2019-1), (PMASA-2019-2)

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.8.5. It is, therefore, affected by multiple vulnerabilities. - When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any...

openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:0194-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

phpMyAdmin 4.x < 4.8.5 Multiple Vulnerabilities (PMASA-2019-1) (PMASA-2019-2)

According to its self-reported version number, the phpMyAdmin application hosted on the remote web server is 4.x prior to 4.8.5. It is, therefore, affected by at least one of the following vulnerabilities: - A SQL injection SQLi vulnerability exists in phpMyAdmin due to improper validation of...

openSUSE Security Update : phpMyAdmin (openSUSE-2019-194)

This update for phpMyAdmin to version 4.8.5 fixes the following issues : Security issues fixed : - CVE-2019-6799: Fixed an arbitrary file read vulnerability boo1123272 - CVE-2019-6798: Fixed a SQL injection in the designer interface boo1123271 Other changes : - Fix rxport to SQL format not...

Security update for phpMyAdmin (important)

openSUSE Security Update: Security update for phpMyAdmin Announcement ID: openSUSE-SU-2019:0194-1 Rating: important References: 1123271 1123272 Cross-References: CVE-2019-6798 CVE-2019-6799 Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.0 openSUSE Backports SLE-15 SUSE Package Hub for SUS...

CVE-2019-6798

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature...

CVE-2019-6798

CVE-2019-6798 affects phpMyAdmin prior to version 4.8.5, with a SQL injection vulnerability in the Designer feature triggered by a specially crafted username. The root cause, as reported in multiple advisories, involves improper input handling/validation in the designer workflow, allowing an unau...

SQL injection in Designer feature

PMASA-2019-2 Announcement-ID: PMASA-2019-2 Date: 2019-01-22 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerability to...