PT-2019-5541 · Phpmyadmin+4 · Phpmyadmin+4

William Desportes · Published 2019-06-05 · Updated 2024-06-15 · CVE-2019-11768

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions prior to 4.9.0.1

Description

The issue is related to a specially crafted database name that can trigger an SQL injection attack through the designer feature. This is due to the lack of protection measures for the SQL query structure in the designer feature, specifically in the move.js file. An attacker can exploit this to execute arbitrary code remotely.

Recommendations

For versions prior to 4.9.0.1, update to version 4.9.0.1 or later to resolve the issue. As a temporary workaround, consider disabling the designer feature until a patch is available. Restrict access to the move.js file to minimize the risk of exploitation. Avoid using specially crafted database names in the affected feature until the issue is resolved.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2041
ALT-PU-2020-3212
ALT-PU-2021-3657
BDU:2020-03949
CVE-2019-11768
GHSA-X37V-98F9-MJ32
MGASA-2019-0200
OPENSUSE-SU-2019:1689-1
OPENSUSE-SU-2019:1861-1
OPENSUSE-SU-2019_1689-1
OPENSUSE-SU-2024:11171-1
USN-4639-1
USN-4843-1

Affected Products

Alt Linux
Linuxmint
Suse
Ubuntu
Phpmyadmin