CRITICAL🇬🇧 English

CVE-2019-11768

CVSS 9.8v3.0pub. 2019-06-05upd. 2024-11-21

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

oryginał EN
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpmyadmin

    APP
    Phpmyadmin
    < 4.9.0.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2009-1151CRITICAL9.8⚠ KEVten sam produkt

Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...

CVE-2020-22452CRITICAL9.8ten sam produkt

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...

CVE-2020-26935CRITICAL9.8ten sam produkt

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...

CVE-2019-19617CRITICAL9.8ten sam produkt

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...

CVE-2019-18622CRITICAL9.8ten sam produkt

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...