Fluid Attacks Database

Description

phpMyAdmin unsanitized Git information phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	phpmyadmin	>=0 <4:4.9.2+dfsg1-1	4:4.9.2+dfsg1-1
debian 12	phpmyadmin	>=0 <4:4.9.2+dfsg1-1	4:4.9.2+dfsg1-1
debian 13	phpmyadmin	>=0 <4:4.9.2+dfsg1-1	4:4.9.2+dfsg1-1
packagist	phpmyadmin/phpmyadmin	>=0 <4.9.2	4.9.2

Aliases

1. CVE-2019-196172. NVD-2019-196173. OSV-DEBIAN-2019-196174. OSV-2019-196175. GCVE-2019-196176. SECURITY-TRACKER-CVE-2019-196177. lists.debian.org8. lists.debian.org

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/1119de642b136d20e810bb20f545069a01dd7cc92. https://github.com/phpmyadmin/phpmyadmin/compare/RELEASE_4_9_1...RELEASE_4_9_23. https://www.phpmyadmin.net/news/2019/11/22/phpmyadmin-492-released

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.