http://bugzilla.opensuse.org/show_bug.cgi?id=1123271 Bug ID: 1123271 Summary: VUL-0: CVE-2019-6798: phpMyAdmin: SQL injection through malformed username Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: chris@computersalat.de Reporter: Andreas.Stieger@gmx.de QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- https://www.phpmyadmin.net/security/PMASA-2019-2/ Announcement-ID: PMASA-2019-2 Date: 2019-01-22 Summary: SQL injection in Designer feature Description: A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature. Severity: We consider this vulnerability to be serious. Affected Versions: phpMyAdmin versions from 4.5.0 through 4.8.4 are affected Solution: Upgrade to phpMyAdmin 4.8.5 or newer or apply patch listed below. https://github.com/phpmyadmin/phpmyadmin/commit/4.8 https://github.com/phpmyadmin/phpmyadmin/commit/469934cf7d3bd19a839eb7867059... -- You are receiving this mail because: You are on the CC list for the bug.