CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2019-18622

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1960%
EPSS Percentile40.76th
Published2019年11月22日
Last Modified2024年11月21日

Vulnerability Description

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Affected Platforms (CPE)

📦
Phpmyadmin

Phpmyadmin

< 4.9.2
📦
Opensuse

Backports Sle

= 15.0
📦
Opensuse

Backports Sle

= 15.0
💻
Fedoraproject

Fedora

= 30
💻
Fedoraproject

Fedora

= 31
💻
Opensuse

Leap

= 15.0
💻
Opensuse

Leap

= 15.1

References & Advisories

🔗 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/
🔗 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/
🔗 https://security.gentoo.org/glsa/202003-39
🔗 https://www.phpmyadmin.net/security/PMASA-2019-5/
🔗 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html
🔗 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

相關漏洞威脅

CVE-2007-020310.0

Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.

CVE-2008-725110.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknow...

CVE-2004-114710.0

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute a...

CVE-2008-725210.0

libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown imp...