Bug ID 1157614
Summary VUL-0: CVE-2019-18622: phpMyAdmin: SQL injection in Designer feature (PMASA-2019-5)
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.1
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee chris@computersalat.de
Reporter Andreas.Stieger@gmx.de
QA Contact security-team@suse.de
CC chris@computersalat.de, lang@b1-systems.de
Found By ---
Blocker ---

A vulnerability was reported in phpMyAdmin where a specially crafted database
name can be used to trigger an SQL injection attack through the designer
feature.

This is similar to PMASA-2019-2 and PMASA-2019-3, but has affected different
versions. CVE-2019-18622 CWE-661 PMASA-2019-5

phpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7.

References:
https://www.phpmyadmin.net/security/PMASA-2019-5/
https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111


You are receiving this mail because: