CVE-2019-18622 — Vulnetix

CVE-2019-18622 PUBLISHED CVSS 9.800000190734863 CRITICAL

An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.

EPSS 0.56% · 68.4th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.56%

68.4th percentile

Affected Products

Vendor	Product	Versions
phpmyadmin	phpmyadmin	0
n/a	n/a	*
opensuse	backports_sle	15.0, 15.0
fedoraproject	fedora	30, 31
opensuse	leap	15.1, 15.0
phpmyadmin	phpmyadmin	0

Timeline

Nov 22, 2019 CVE Published
Dec 3, 2019 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

https://www.phpmyadmin.net/security/PMASA-2019-5/ url
FEDORA-2019-8f55b515f1 vendor-advisory
FEDORA-2019-db68ae1fca vendor-advisory
openSUSE-SU-2019:2599 vendor-advisory
openSUSE-SU-2020:0056 vendor-advisory
GLSA-202003-39 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-18622 advisory
https://github.com/phpmyadmin/composer/commit/51acbf53564d9b52e78509a5688ec2b68976b5f7 url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV url
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH url
https://www.phpmyadmin.net/security/PMASA-2019-5 url

Open in Interactive Console →