Fluid Attacks Database

Description

phpMyAdmin SQL injection in Designer feature An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=0 <4.9.0.1	4.9.0.1
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2019-117682. NVD-2019-117683. OSV-2019-117684. OSV-DEBIAN-2019-117685. GCVE-2019-117686. SECURITY-TRACKER-CVE-2019-11768

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee862. https://www.phpmyadmin.net/security/PMASA-2019-3