Source: phpmyadmin Version: 4:4.9.1+dfsg1-2 Severity: grave Tags: security upstream Justification: user security hole
Hi, The following vulnerability was published for phpmyadmin. CVE-2019-18622[0]: | An issue was discovered in phpMyAdmin before 4.9.2. A crafted | database/table name can be used to trigger a SQL injection attack | through the designer feature. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-18622 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18622 [1] https://www.phpmyadmin.net/security/PMASA-2019-5/ Please adjust the affected versions in the BTS as needed. Versions at least as old as 4.7.7 are affected, possibly olders as well, but looks upstream has only confirmed it (or investigated it) back to 4.7.7. Regards, Salvatore