CVE-2019-6799

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2019-6799
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6799.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6799
Aliases
Downstream
Related
Published
2019-01-26T17:29:00.450Z
Modified
2026-04-10T04:19:55.129783Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP configuration, and the inadvertent ignoring of "options(MYSQLIOPTLOCAL_INFILE" calls.

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type
GIT
Repo
https://github.com/phpmyadmin/phpmyadmin
Events
Introduced
6da64cc3b2ba4439574f914f51e161645375be96
Last affected
56ba19808f020fa8ac63366d450c3928564a91b8
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "last_affected": "4.8.4"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6799.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    }
]