CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18622

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile40.76th
PublishedNov 22, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Affected Platforms (CPE)

πŸ“¦
Phpmyadmin

Phpmyadmin

< 4.9.2
πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ“¦
Opensuse

Backports Sle

= 15.0
πŸ’»
Fedoraproject

Fedora

= 30
πŸ’»
Fedoraproject

Fedora

= 31
πŸ’»
Opensuse

Leap

= 15.0
πŸ’»
Opensuse

Leap

= 15.1

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/
πŸ”— https://security.gentoo.org/glsa/202003-39
πŸ”— https://www.phpmyadmin.net/security/PMASA-2019-5/
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
πŸ”— http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

Related Vulnerabilities

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2008-725110.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow...

CVE-2004-114710.0

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute a...

CVE-2008-725210.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp...