Fluid Attacks Database

Description

phpMyAdmin SQL injection in Designer feature An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
packagist	phpmyadmin/phpmyadmin	>=0 <4.8.5	4.8.5
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2019-67982. NVD-2019-67983. OSV-DEBIAN-2019-67984. OSV-2019-67985. GCVE-2019-67986. SECURITY-TRACKER-CVE-2019-6798

References

1. https://www.phpmyadmin.net/security/PMASA-2019-22. http://www.securityfocus.com/bid/106727