Main Vulnerability Database Vulnerabilities #VU17236

#VU17236 Information disclosure in phpMyAdmin - CVE-2019-6799

Published: January 28, 2019

Vulnerability identifier: #VU17236

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-6799

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
phpMyAdmin

Software vendor:
phpMyAdmin

Description

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists due to mysql.allow_local_infile is enabled by default when using the 'mysql' extension. A remote attacker can use a rogue MySQL server when AllowArbitraryServer configuration set to true to read any file on the server that the web server's user can access.

Remediation

Update to version 4.8.5.

External links

https://www.phpmyadmin.net/security/PMASA-2019-1/

#VU17236 Information disclosure in phpMyAdmin - CVE-2019-6799

Description

Remediation

External links

Please verify you're human