Moderate severityOSV Advisory· Published Jan 26, 2019· Updated Aug 4, 2024
CVE-2019-6799
CVE-2019-6799
Description
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.8, < 4.8.5 | 4.8.5 |
Affected products
6- ghsa-coords5 versionspkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015
>= 4.8, < 4.8.5+ 4 more
- (no CPE)range: >= 4.8, < 4.8.5
- (no CPE)range: < 4.8.5-bp150.3.9.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.8.5-bp150.3.9.1
- (no CPE)range: < 4.8.5-bp150.3.9.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-c8wj-q36q-3wg4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-6799ghsaADVISORY
- www.securityfocus.com/bid/106736ghsavdb-entryx_refsource_BIDWEB
- lists.debian.org/debian-lts-announce/2019/02/msg00039.htmlghsamailing-listx_refsource_MLISTWEB
- www.phpmyadmin.net/security/PMASA-2019-1ghsaWEB
- www.phpmyadmin.net/security/PMASA-2019-1/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.