CVE-2019-6799

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2019-6799
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6799.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-6799
Aliases
Related
Published
2019-01-26T17:29:00Z
Modified
2024-06-06T12:58:11.025141Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allowlocalinfile PHP configuration, and the inadvertent ignoring of "options(MYSQLIOPTLOCAL_INFILE" calls.

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type
GIT
Repo
https://github.com/phpmyadmin/phpmyadmin
Events

Affected versions

Other

RELEASE_4_0_0
RELEASE_4_0_1RC1
RELEASE_4_0_2
RELEASE_4_0_2RC1
RELEASE_4_0_3
RELEASE_4_0_3RC1
RELEASE_4_0_4
RELEASE_4_0_4RC1
RELEASE_4_0_4_1
RELEASE_4_0_4_2
RELEASE_4_0_5RC1
RELEASE_4_0_6
RELEASE_4_0_6RC1
RELEASE_4_0_6RC2
RELEASE_4_1_0ALPHA1
RELEASE_4_1_0ALPHA2
RELEASE_4_1_0BETA1
RELEASE_4_1_0BETA2
RELEASE_4_1_0RC1
RELEASE_4_1_0RC2
RELEASE_4_1_0RC3
RELEASE_4_2_0
RELEASE_4_2_0ALPHA1
RELEASE_4_2_0ALPHA2
RELEASE_4_2_0BETA1
RELEASE_4_2_0RC1
RELEASE_4_2_10
RELEASE_4_2_10_1
RELEASE_4_2_11
RELEASE_4_2_12
RELEASE_4_2_13
RELEASE_4_2_13_1
RELEASE_4_2_7
RELEASE_4_2_7_1
RELEASE_4_2_8
RELEASE_4_2_8_1
RELEASE_4_2_9
RELEASE_4_2_9_1
RELEASE_4_3_0
RELEASE_4_3_0ALPHA1
RELEASE_4_3_0BETA1
RELEASE_4_3_0RC1
RELEASE_4_3_0RC2
RELEASE_4_3_1
RELEASE_4_3_10
RELEASE_4_3_11
RELEASE_4_3_11_1
RELEASE_4_3_12
RELEASE_4_3_13
RELEASE_4_3_2
RELEASE_4_3_3
RELEASE_4_3_4
RELEASE_4_3_5
RELEASE_4_3_6
RELEASE_4_3_7
RELEASE_4_3_8
RELEASE_4_3_9
RELEASE_4_4_0
RELEASE_4_4_0ALPHA1
RELEASE_4_4_1
RELEASE_4_4_10
RELEASE_4_4_11
RELEASE_4_4_12
RELEASE_4_4_13
RELEASE_4_4_13_1
RELEASE_4_4_14
RELEASE_4_4_14_1
RELEASE_4_4_15
RELEASE_4_4_15_1
RELEASE_4_4_15_2
RELEASE_4_4_1_1
RELEASE_4_4_2
RELEASE_4_4_3
RELEASE_4_4_4
RELEASE_4_4_5
RELEASE_4_4_6
RELEASE_4_4_6_1
RELEASE_4_4_7
RELEASE_4_4_8
RELEASE_4_4_9
RELEASE_4_5_0
RELEASE_4_5_0RC1
RELEASE_4_5_0_1
RELEASE_4_5_0_2
RELEASE_4_5_1
RELEASE_4_5_2
RELEASE_4_5_3
RELEASE_4_5_3_1
RELEASE_4_5_4
RELEASE_4_5_4_1
RELEASE_4_5_5
RELEASE_4_5_5_1
RELEASE_4_6_0
RELEASE_4_6_0ALPHA1
RELEASE_4_6_0RC1
RELEASE_4_6_0RC2
RELEASE_4_6_1
RELEASE_4_6_2
RELEASE_4_6_3
RELEASE_4_6_4
RELEASE_4_6_5
RELEASE_4_6_5_1
RELEASE_4_6_5_2
RELEASE_4_6_6
RELEASE_4_7_0
RELEASE_4_7_0BETA1
RELEASE_4_7_0RC1
RELEASE_4_7_1
RELEASE_4_7_2
RELEASE_4_7_3
RELEASE_4_7_4
RELEASE_4_7_5
RELEASE_4_7_6
RELEASE_4_7_7
RELEASE_4_7_8
RELEASE_4_7_9
RELEASE_4_8_0
RELEASE_4_8_0ALPHA1
RELEASE_4_8_0RC1
RELEASE_4_8_0_1
RELEASE_4_8_1
RELEASE_4_8_2
RELEASE_4_8_3
RELEASE_4_8_4