CVE-2019-6799

Summary of CVE-2019-6799 (phpMyAdmin) Affected: phpMyAdmin before 4.8.5. The issue arises when the AllowArbitraryServer setting is true and a rogue MySQL server is used. The vulnerability allows an attacker to read arbitrary files on the server that the web server user can access. It is related t...

CVE-2019-6798

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature...

CVE-2019-6798

CVE-2019-6798 affects phpMyAdmin prior to version 4.8.5, with a SQL injection vulnerability in the Designer feature triggered by a specially crafted username. The root cause, as reported in multiple advisories, involves improper input handling/validation in the designer workflow, allowing an unau...

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP...

Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Multiple vulnerabilities have been found in the phpMyAdmin component...

SQL injection in Designer feature

PMASA-2019-2 Announcement-ID: PMASA-2019-2 Date: 2019-01-22 Summary SQL injection in Designer feature Description A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature. Severity We consider this vulnerability to...

phpMyAdmin -- File disclosure and SQL injection

The phpMyAdmin development team reports: Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmin attempts to block...

Arbitrary file read vulnerability

PMASA-2019-1 Announcement-ID: PMASA-2019-1 Date: 2019-01-21 Summary Arbitrary file read vulnerability Description When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. phpMyadmi...

Fedora 29 : phpMyAdmin (2018-088802878a)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...

Fedora 28 : phpMyAdmin (2018-f2b24ce26e)

Upstream announcement : Security fix: phpMyAdmin 4.8.3 is released The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files. A flaw was discovered with how warnin...

Fedora 28 : phpMyAdmin (2018-658eba5860)

Upstream announcement : Welcome to phpMyAdmin 4.8.0.1, which fixes a security flaw found in phpMyAdmin. This version fixes a security flaw found in version 4.8.0 where an attacker can manipulate a user in to following a specially crafted link, allowing the attacker to execute arbitrary SQL comman...

Fedora 28 : phpMyAdmin (2018-5aeca60933)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...

Fedora 28 : phpMyAdmin (2018-68349e3094)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains an important security update and it is highly recommended that all users upgrade immediately. The urgent vulnerability allows an authenticated attacker ...

phpMyAdmin 4.8.4 - AllowArbitraryServer Arbitrary File Read Exploit

Exploit for php platform in category web applications !/usr/bin/env python coding: utf8 import socket import asyncore import asynchat import struct import random import logging import logging.handlers PORT = 3306 log = logging.getLoggername log.setLevellogging.DEBUG tmpformat =...

PrestaShop yllyaidechantier 1.4.9.0 Database Disclosure

Exploit Title : PrestaShop yllyaidechantier Modules 1.4.9.0 Database Disclosure Author Discovered By : KingSkrupellos from Cyberizm Digital Security Army Date : 24/12/2018 Vendor Homepage : prestashop.com Software Download Link : N/A Tested On : Windows and Linux Category : WebApps Version...

[SECURITY] Fedora 29 Update: phpMyAdmin-4.8.4-1.fc29

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

[SECURITY] Fedora 28 Update: phpMyAdmin-4.8.4-1.fc28

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the World Wide Web. Most frequently used operations are supported by the user interface managing databases, tables, fields, relations, index es, users, permissions, while you still have the ability to directly...

Fedora Update for phpMyAdmin FEDORA-2018-5aeca60933

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...