Package phpMyAdmin updated to version 4.9.2-alt1 for branch sisyphus in task 241526.

Published: 2019-05-18

BDU:2019-04000

Уязвимость веб-приложения для администрирования систем управления базами данных phpMyAdmin, связанная с подделкой межсайтовых запросов, позволяющая нарушителю удалить любой сервер на странице установки

Severity: MEDIUM (4.3) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Severity: MEDIUM (4.3) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

References:

Published: 2019-09-13
Modified: 2024-11-21

CVE-2019-12922

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Severity: MEDIUM (5.8) Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Published: 2019-11-22
Modified: 2024-11-21

CVE-2019-18622

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-12-06
Modified: 2024-11-21

CVE-2019-19617

phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php.

Severity: HIGH (7.5) Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.2

Package phpMyAdmin update in sisyphus on 2019-11-23

ALT-PU-2019-3177-1

Closed vulnerabilities

BDU:2019-04000

CVE-2019-12922

CVE-2019-18622

CVE-2019-19617