Description

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Remediation

References

CVE-2019-6798

Related Vulnerabilities

WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)

WordPress Plugin Custom Content Type Manager Remote Code Execution (0.9.8.5)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-8264)

Joomla! Core 3.x.x Multiple Cross-Site Scripting Vulnerabilities (3.0.0 - 3.9.3)

WordPress Plugin Flog Server-Side Request Forgery (1.0beta3)

Severity

Critical

Classification

CVE-2019-6798 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities