logo

Database

Lack of data validation - Path Traversal In phpmyadmin/phpmyadmin

Description

phpMyAdmin Arbitrary file read vulnerability An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-67992. NVD-2019-67993. OSV-2019-67994. OSV-DEBIAN-2019-67995. GCVE-2019-67996. lists.debian.org7. SECURITY-TRACKER-CVE-2019-6799

References

1. https://www.phpmyadmin.net/security/PMASA-2019-12. http://www.securityfocus.com/bid/1067363. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-6799.yaml

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.