Risk | Low |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2019-6799 |
CWE-ID | CWE-200 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software | phpmyadmin (Alpine package) (Operating systems & Components / Operating system package or component) |
Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
EUVDB-ID: #VU17236
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-6799
CWE-ID: CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists because mysql.allow_local_infile is enabled by default when the 'mysql' extension is used. When the AllowArbitraryServer configuration option is set to true, a remote attacker can use a rogue MySQL server to read any file on the server that the web server's user can access.
Mitigation
Install update from vendor's website.
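To check whether a host has the two settings the description names, the following added example (not part of the bulletin or of phpMyAdmin) inspects the text of a php.ini and a phpMyAdmin config.inc.php. The function names and both sample files are constructed for illustration, and comment stripping is a simple heuristic rather than a PHP parser.

```python
import re

# Constructed sample inputs (not taken from any real host).
SAMPLE_PHP_INI = """\
[MySQL]
; mysql.allow_local_infile is not set here, so the default applies
mysql.default_port = 3306
"""
SAMPLE_PMA_CONFIG = """\
<?php
// $cfg['AllowArbitraryServer'] = false;  (commented out)
$cfg['AllowArbitraryServer'] = true;
"""

def ini_local_infile_enabled(ini_text, directive="mysql.allow_local_infile"):
    """True if the directive is on. An absent directive counts as on,
    because the bulletin states it is enabled by default."""
    enabled = True
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop php.ini comments
        m = re.fullmatch(rf'{re.escape(directive)}\s*=\s*"?(\w*)"?', line)
        if m:  # a later assignment overrides an earlier one
            enabled = m.group(1).lower() in ("1", "on", "true", "yes")
    return enabled

def pma_arbitrary_server_enabled(config_text):
    """True if the last uncommented $cfg['AllowArbitraryServer'] is true."""
    code = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)  # block comments
    code = re.sub(r"(//|#).*$", "", code, flags=re.M)         # line comments
    hits = re.findall(
        r"""\$cfg\[\s*['"]AllowArbitraryServer['"]\s*\]\s*=\s*(\w+)\s*;""", code)
    return bool(hits) and hits[-1].lower() in ("true", "1")

def audit(ini_text, config_text):
    """Return one finding per risky setting that is present."""
    findings = []
    if ini_local_infile_enabled(ini_text):
        findings.append("mysql.allow_local_infile is enabled (explicitly or by default)")
    if pma_arbitrary_server_enabled(config_text):
        findings.append("AllowArbitraryServer is set to true")
    return findings

def exposed(ini_text, config_text):
    """The bulletin's file-read exposure needs both settings together."""
    return len(audit(ini_text, config_text)) == 2

if __name__ == "__main__":
    for finding in audit(SAMPLE_PHP_INI, SAMPLE_PMA_CONFIG):
        print("finding:", finding)
    print("exposed configuration:", exposed(SAMPLE_PHP_INI, SAMPLE_PMA_CONFIG))
```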
Vulnerable software versions
phpmyadmin (Alpine package): 4.5.1-r0 - 4.8.4-r0
External links
http://git.alpinelinux.org/aports/commit/?id=b6bc53c8f8d4d1c2bea0d2da63e2a995da9dee54
http://git.alpinelinux.org/aports/commit/?id=7bbc0dad2f8260a50fa078b831a3b1a46024aaac
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.