[Bug 1157614] New: VUL-0: CVE-2019-18622: phpMyAdmin: SQL injection in Designer feature (PMASA-2019-5)
http://bugzilla.opensuse.org/show_bug.cgi?id=1157614

Bug ID: 1157614
Summary: VUL-0: CVE-2019-18622: phpMyAdmin: SQL injection in Designer feature (PMASA-2019-5)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.1
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: chris@computersalat.de
Reporter: Andreas.Stieger@gmx.de
QA Contact: security-team@suse.de
CC: chris@computersalat.de, lang@b1-systems.de
Found By: ---
Blocker: ---

A vulnerability was reported in phpMyAdmin where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. This is similar to PMASA-2019-2 and PMASA-2019-3, but has affected different versions.

CVE-2019-18622
CWE-661
PMASA-2019-5

phpMyAdmin versions prior to 4.9.2 are affected, at least as old as 4.7.7.

References:
https://www.phpmyadmin.net/security/PMASA-2019-5/
https://github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e...

--
You are receiving this mail because:
You are on the CC list for the bug.

http://bugzilla.opensuse.org/show_bug.cgi?id=1157614

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What     |Removed                 |Added
----------------------------------------------------------------------------
CC       |                        |ecsos@schirra.net

http://bugzilla.opensuse.org/show_bug.cgi?id=1157614
http://bugzilla.opensuse.org/show_bug.cgi?id=1157614#c2

Andreas Stieger <Andreas.Stieger@gmx.de> changed:

What     |Removed                 |Added
----------------------------------------------------------------------------
Priority |P5 - None               |P3 - Medium
Status   |NEW                     |IN_PROGRESS
Assignee |chris@computersalat.de  |security-team@suse.de

--- Comment #2 from Andreas Stieger <Andreas.Stieger@gmx.de> ---
For TW: https://build.opensuse.org/request/show/750415