CVE-2019-11768: SQL Injection
First published: Wed Jun 05 2019(Updated: )
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| phpMyAdmin phpMyAdmin | <4.9.0.1 | |
| composer/phpmyadmin/phpmyadmin | <4.9.0.1 | 4.9.0.1 |
| <4.9.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html
- http://www.securityfocus.com/bid/108617
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/
- https://www.phpmyadmin.net/security/PMASA-2019-3/
- https://nvd.nist.gov/vuln/detail/CVE-2019-11768
- https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
- https://github.com/advisories/GHSA-x37v-98f9-mj32 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2019-11768.
What is the severity of CVE-2019-11768?
The severity of CVE-2019-11768 is critical, with a severity value of 9.8.
What is the affected software for CVE-2019-11768?
The affected software for CVE-2019-11768 is phpMyAdmin before version 4.9.0.1.
What is the potential impact of this vulnerability?
This vulnerability can be used to trigger an SQL injection attack through the designer feature in phpMyAdmin.
How can I fix CVE-2019-11768?
To fix CVE-2019-11768, update phpMyAdmin to version 4.9.0.1 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-x37v-98f9-mj32
- alias/CVE-2019-11768
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/weakness
- agent/description
- agent/references
- agent/author
- agent/softwarecombine
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/phpmyadmin
- canonical/phpmyadmin phpmyadmin
- package-manager/composer