Description

An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Remediation

References

CVE-2019-6798

Related Vulnerabilities

WordPress Plugin Calculated Fields Form Multiple SQL Injection Vulnerabilities (1.0.10)

WordPress 3.1.2 Multiple Vulnerabilities (3.0.1 - 3.1.2)

WordPress Plugin UserPro-Community and User Profile Privilege Escalation (4.9.27)

PHP Use After Free Vulnerability (CVE-2016-6295)

TYPO3 Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21357)

Severity

Critical

Classification

CVE-2019-6798 CWE-138 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities