CVE-2019-6799
published 2019-01-26CVE-2019-6799: An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server…
PriorityP352medium5.9CVSS 3.0
AVNACHPRNUINSUCHINAN
EXPLOIT
EPSS
15.59%
96.4th percentile
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | phpmyadmin | < phpmyadmin 4:4.9.1+dfsg1-2 (bookworm) | phpmyadmin 4:4.9.1+dfsg1-2 (bookworm) |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.1+dfsg1-2 | 4:4.9.1+dfsg1-2 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5 | 4:4.6.6-5ubuntu0.5 |
| phpmyadmin | phpmyadmin | 4.0.0 – 4.8.4 | — |
| phpmyadmin | phpmyadmin | >= 4.8 < 4.8.5 | 4.8.5 |
Detection & IOCsextracted from sources · hover to see the quote
otherpma_servername
- →Vulnerability is only exploitable when AllowArbitraryServer configuration is set to true in phpMyAdmin, enabling connection to a rogue MySQL server for arbitrary file read. ↗
- →Detection should check for PHP version below 7.3.4, as the bug in PHP that ignores MYSQLI_OPT_LOCAL_INFILE is present in those versions, enabling the attack path.
- →Monitor HTTP response headers for X-Powered-By PHP version disclosure to identify vulnerable PHP versions below 7.3.4.
- →The attack leverages LOAD DATA INFILE via a rogue MySQL server; phpMyAdmin's attempt to block MYSQLI_OPT_LOCAL_INFILE is not honored due to a PHP bug. Monitor for unexpected inbound MySQL connections from phpMyAdmin hosts. ↗
- →When using the 'mysql' extension, mysql.allow_local_infile is enabled by default, creating an additional attack vector. Audit PHP configurations for mysql.allow_local_infile=On on phpMyAdmin hosts. ↗
- →Use DNS interaction (OOB) detection as part of exploit confirmation; the nuclei template checks for dns interactsh_protocol hits during exploitation.
- →Fixed in phpMyAdmin 4.8.5; any instance running below this version with AllowArbitraryServer=true should be treated as vulnerable. ↗
- ·The vulnerability is only exploitable when AllowArbitraryServer is explicitly set to true in phpMyAdmin's configuration. Instances with the default setting (false) are not affected. ↗
- ·The PHP configuration directive mysql.allow_local_infile being enabled (default for the 'mysql' extension) is a contributing factor; disabling it mitigates the risk even if AllowArbitraryServer is true. ↗
CVSS provenance
nvdv3.05.9MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv6.5MEDIUM
vendor_ubuntu6.5MEDIUM
vendor_debian5.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
phpMyAdmin Arbitrary file read vulnerability
osv·2022-05-13
CVE-2019-6799 [MEDIUM] phpMyAdmin Arbitrary file read vulnerability
phpMyAdmin Arbitrary file read vulnerability
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
GHSA
phpMyAdmin Arbitrary file read vulnerability
ghsa·2022-05-13
CVE-2019-6799 [MEDIUM] CWE-22 phpMyAdmin Arbitrary file read vulnerability
phpMyAdmin Arbitrary file read vulnerability
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
OSV
phpmyadmin vulnerabilities
osv·2020-11-19·CVSS 6.5
CVE-2018-19968 [MEDIUM] phpmyadmin vulnerabilities
phpmyadmin vulnerabilities
It was discovered that there was a bug in the way phpMyAdmin handles the
phpMyAdmin Configuration Storage tables. An authenticated attacker could
use this vulnerability to cause phpmyAdmin to leak sensitive files.
(CVE-2018-19968)
It was discovered that phpMyAdmin incorrectly handled user input. An
attacker could possibly use this for an XSS attack. (CVE-2018-19970)
It was discovered that phpMyAdmin mishandled certain input. An attacker
could use this vulnerability to execute a cross-site scripting (XSS) attack
via a crafted URL. (CVE-2018-7260)
It was discovered that phpMyAdmin failed to sanitize certain input. An
attacker could use this vulnerability to execute an SQL injection attack
via a specially crafted database name. (CVE-2019-11768)
It was discovere
OSV
CVE-2019-6799: An issue was discovered in phpMyAdmin before 4
osv·2019-01-26·CVSS 5.9
CVE-2019-6799 [MEDIUM] CVE-2019-6799: An issue was discovered in phpMyAdmin before 4
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
Ubuntu
phpMyAdmin vulnerabilities
vendor_ubuntu·2020-11-19·CVSS 6.5
CVE-2020-5504 [MEDIUM] phpMyAdmin vulnerabilities
Title: phpMyAdmin vulnerabilities
Summary: Several security issues were fixed in phpMyAdmin.
It was discovered that there was a bug in the way phpMyAdmin handles the
phpMyAdmin Configuration Storage tables. An authenticated attacker could
use this vulnerability to cause phpmyAdmin to leak sensitive files.
(CVE-2018-19968)
It was discovered that phpMyAdmin incorrectly handled user input. An
attacker could possibly use this for an XSS attack. (CVE-2018-19970)
It was discovered that phpMyAdmin mishandled certain input. An attacker
could use this vulnerability to execute a cross-site scripting (XSS) attack
via a crafted URL. (CVE-2018-7260)
It was discovered that phpMyAdmin failed to sanitize certain input. An
attacker could use this vulnerability to execute an SQL injection attack
via a
Debian
CVE-2019-6799: phpmyadmin - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServe...
vendor_debian·2019·CVSS 5.9
CVE-2019-6799 [MEDIUM] CVE-2019-6799: phpmyadmin - An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServe...
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
Scope: local
bookworm: resolved (fixed in 4:4.9.1+dfsg1-2)
bullseye: resolved (fixed in 4:4.9.1+dfsg1-2)
forky: resolved (fixed in 4:4.9.1+dfsg1-2)
sid: resolved (fixed in 4:4.9.1+dfsg1-2)
trixie: resolved (fixed in 4:4.9.1+dfsg1-2)
No detection rules found.
Nuclei
phpMyAdmin <4.8.5 - Local File Inclusion
nuclei·CVSS 5.9
CVE-2019-6799 [MEDIUM] phpMyAdmin <4.8.5 - Local File Inclusion
phpMyAdmin 3.9.9')
- type: dsl
dsl:
- compare_versions(phpversion, '< 7.3.4')
- type: word
part: interactsh_protocol
words:
- dns
- type: word
words:
- mysqli_real_connect
- type: word
words:
- pma_servername
- type: status
status:
- 200
extractors:
- type: regex
name: version
group: 1
regex:
- \?v=([0-9.]+)
internal: true
- type: regex
group: 1
regex:
- \?v=([0-9.]+)
- type: regex
name: phpversion
group: 1
regex:
- "X-Powered-By: PHP/([0-9.]+)"
internal: true
part: header
# digest: 4b0a00483046022100a0f4c52b5716436b218d43a8bb31a291b1692a9d61dd36b0aedca95b72eea929022100f7600ded45a3b3b8a78529b2d582cd9f2ef433ac4a7caacf47f275b1e492660a:922c64590222798bb761d5b6d8e72950
Bugzilla
CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version [epel-all]
bugzilla·2019-01-31·CVSS 9.8
CVE-2019-6798 [CRITICAL] CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version [epel-all]
CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supporte
Bugzilla
CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version
bugzilla·2019-01-31·CVSS 9.8
CVE-2019-6798 [CRITICAL] CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version
CVE-2019-6798 CVE-2019-6799 phpMyAdmin: Multiple issues fixed in 4.8.5 version
CVE-2019-6798
A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
https://www.phpmyadmin.net/security/PMASA-2019-2/
CVE-2019-6799
When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access.
phpMyadmin attempts to block the use of LOAD DATA INFILE, but due to a bug in PHP, this check is not honored. Additionally, when using the 'mysql' extension, mysql.allow_local_infile is enabled by default. Both of these conditions allow the attack to occur.
https://www.phpmyadmin.net/security/PMASA-2019-1/
Discussion:
Greynoiseio
NoiseLetter February 2026
blogs_greynoiseio
NoiseLetter February 2026
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Find out immediately if an asset communicates with a malicious IP address
Vulnerability Prioritization Get real-time insight into active exploitation trends to better understand risk and severity
SOC Efficiency Filter out noisy, low priority and false-positive alerts from mass internet scanners
Incident Investigation Add context to incidents to speed the determinations of scope and timelines
Threat Hunting Quickly identify anomalous behavior and enrich your threat hunting campaigns
Why GreyNoise
CVE Disclosure Early Warning Get an early warning when traffic spikes indicate a high likelihood of new disclosures
Compromised Asset Detection Fin
http://www.securityfocus.com/bid/106736https://lists.debian.org/debian-lts-announce/2019/02/msg00039.htmlhttps://www.phpmyadmin.net/security/PMASA-2019-1/http://www.securityfocus.com/bid/106736https://lists.debian.org/debian-lts-announce/2019/02/msg00039.htmlhttps://www.phpmyadmin.net/security/PMASA-2019-1/
2019-01-26
Published