ALT Linux Team

Package phpMyAdmin update in sisyphus on 2019-11-23

ALT-PU-2019-3177-1

Package phpMyAdmin updated to version 4.9.2-alt1 for branch sisyphus in task 241526.

Closed vulnerabilities

Published: 2019-05-18

BDU:2019-04000

Уязвимость веб-приложения для администрирования систем управления базами данных phpMyAdmin, связанная с подделкой межсайтовых запросов, позволяющая нарушителю удалить любой сервер на странице установки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
References:
Published: 2019-09-13
Modified: 2024-11-21

CVE-2019-12922

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References:
Published: 2019-11-23
Modified: 2024-11-21

CVE-2019-18622

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
Published: 2019-12-06
Modified: 2024-11-21

CVE-2019-19617

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.0
Back to top