CVE-2019-18622 — SQL Injection in Phpmyadmin

CWE-89 — SQL Injection9 documents6 sources

Severity

9.8CRITICALNVD

EPSS

0.7%

top 27.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Fedoraproject Fedora Opensuse Backports SLE +1 more

Timeline

PublishedNov 22

Latest updateJan 16

Description

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages5 packages

▶NVDphpmyadmin/phpmyadmin< 4.9.2

▶Packagistphpmyadmin/phpmyadmin< 4.9.2

▶Debianphpmyadmin/phpmyadmin< 4:4.9.2+dfsg1-1+3

▶NVDopensuse/leap15.0, 15.1+1

▶NVDopensuse/backports_sle15.0

Also affects: Fedora 30, 31

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

SQL injection in phpMyAdmin↗2020-01-16

▶

OSV

SQL injection in phpMyAdmin↗2020-01-16

▶

OSV

CVE-2019-18622: An issue was discovered in phpMyAdmin before 4↗2019-11-22

▶

CVEList

CVE-2019-18622: An issue was discovered in phpMyAdmin before 4↗2019-11-22

▶

📋Vendor Advisories

Debian

CVE-2019-18622: phpmyadmin - An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table nam...↗2019

▶

💬Community

Bugzilla

CVE-2019-18622 phpMyAdmin: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature [fedora-all]↗2019-11-25

▶

Bugzilla

CVE-2019-18622 phpMyAdmin: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature [epel-all]↗2019-11-25

▶

Bugzilla

CVE-2019-18622 phpMyAdmin: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature↗2019-11-25

▶