SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Developers
CVE-2019-6798

9.8CRITICAL

Key Information:

Vendor: PHPmyadmin
Status: PHPmyadmin
Vendor: CVE Published:; 26 January 2019

Summary

A vulnerability in phpMyAdmin before version 4.8.5 allows attackers to exploit a crafted username to trigger a SQL injection via the designer feature. This flaw can enable unauthorized access to the underlying database, potentially leading to data exposure or manipulation. It's crucial for users to update their installations promptly to mitigate this risk and ensure the integrity of their database systems.

References

http://www.securityfocus.com/bid/106727

vdb-entryx_refsource_BID

https://www.phpmyadmin.net/security/PMASA-2019-2/

x_refsource_CONFIRM

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 26, 2019
Vulnerability Reserved
Jan 24, 2019