phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
BID:106727
CVE-2019-6798 |Info
phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
| Bugtraq ID: | 106727 |
| Class: | Input Validation Error |
| CVE: |
CVE-2019-6798 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 22 2019 12:00AM |
| Updated: | Jan 22 2019 12:00AM |
| Credit: | YU-HSIANG HUANG ([email protected]), YUNG-HAO TSENG, and Eddie TC CHANG. |
| Vulnerable: |
phpMyAdmin phpMyAdmin 4.8.4 phpMyAdmin phpMyAdmin 4.8.3 phpMyAdmin phpMyAdmin 4.8.2 phpMyAdmin phpMyAdmin 4.8.1 phpMyAdmin phpMyAdmin 4.8 phpMyAdmin phpMyAdmin 4.7.8 phpMyAdmin phpMyAdmin 4.7.7 phpMyAdmin phpMyAdmin 4.7.6 phpMyAdmin phpMyAdmin 4.7.5 phpMyAdmin phpMyAdmin 4.7.4 phpMyAdmin phpMyAdmin 4.7.3 phpMyAdmin phpMyAdmin 4.7.2 phpMyAdmin phpMyAdmin 4.7.1 phpMyAdmin phpMyAdmin 4.7 phpMyAdmin phpMyAdmin 4.6.6 phpMyAdmin phpMyAdmin 4.6.5 phpMyAdmin phpMyAdmin 4.6.4 phpMyAdmin phpMyAdmin 4.6.2 phpMyAdmin phpMyAdmin 4.6.1 phpMyAdmin phpMyAdmin 4.6 phpMyAdmin phpMyAdmin 4.5.4 phpMyAdmin phpMyAdmin 4.5.2 phpMyAdmin phpMyAdmin 4.6.3 phpMyAdmin phpMyAdmin 4.5.5.1 phpMyAdmin phpMyAdmin 4.5.5.0 phpMyAdmin phpMyAdmin 4.5.3.1 phpMyAdmin phpMyAdmin 4.5.3.0 phpMyAdmin phpMyAdmin 4.5.1 phpMyAdmin phpMyAdmin 4.5.0.2 phpMyAdmin phpMyAdmin 4.5.0.1 phpMyAdmin phpMyAdmin 4.5.0 |
| Not Vulnerable: |
phpMyAdmin phpMyAdmin 4.8.5 |
Discussion
phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpMyAdmin versions from 4.5.0 through 4.8.4 are vulnerable.
phpMyAdmin is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
phpMyAdmin versions from 4.5.0 through 4.8.4 are vulnerable.
Exploit / POC
phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
phpMyAdmin CVE-2019-6798 SQL Injection Vulnerability
References:
References:
- Issue phpmyadmin-security/267 SQL injection in Designer feature (phpMyAdmin)
- Microsoft Homepage (Microsoft)
- PMASA-2019-2: SQL injection in Designer feature (phpMyAdmin)