First published: Fri Nov 22 2019
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
phpMyAdmin | <4.9.2 | |
openSUSE Backports | =15.0 | |
openSUSE Backports | =15.0-sp1 | |
Fedoraproject Fedora | =30 | |
Fedoraproject Fedora | =31 | |
openSUSE | =15.0 | |
openSUSE | =15.1 | |
The vulnerability ID of this issue is CVE-2019-18622.
The severity of CVE-2019-18622 is critical.
The affected software for CVE-2019-18622 includes phpMyAdmin before version 4.9.2, openSUSE Backports SLE 15.0 and 15.0-sp1, Fedoraproject Fedora 30 and 31, and openSUSE Leap 15.0 and 15.1.
A SQL injection attack can be triggered in phpMyAdmin through the designer feature by using a crafted database/table name.
References related to CVE-2019-18622 are available at the following links: http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html, http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html, and https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/