phpMyAdmin 4.9.0 SQL Injection Vulnerability

Summary

An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.

Credit:

The information has been provided by William Desportes.

The original article can be found at: https://www.phpmyadmin.net/security/PMASA-2019-3/


Details

phpMyAdmin is prone to an SQL injection vulnerability. This allows remote attackers to execute arbitrary SQL commands via certain vulnerable vectors.

 

Vulnerable Systems:

  • Phpmyadmin 0.9.0
  • Phpmyadmin 1.0.0
  • Phpmyadmin 1.0.1
  • Phpmyadmin 1.0.2
  • Phpmyadmin 1.0.3
  • Phpmyadmin 1.0.4
  • Phpmyadmin 1.0.5
  • Phpmyadmin 1.0.6
  • Phpmyadmin 1.0.7
  • Phpmyadmin 1.0.8
  • Phpmyadmin 1.1
  • Phpmyadmin 1.1.0
  • Phpmyadmin 1.2
  • Phpmyadmin 1.2.0
  • Phpmyadmin 1.2.1
  • Phpmyadmin 1.2.2
  • Phpmyadmin 1.2.3
  • Phpmyadmin 1.2.4
  • Phpmyadmin 1.2.5
  • Phpmyadmin 1.2.6
  • Phpmyadmin 1.2.7
  • Phpmyadmin 1.2.8
  • Phpmyadmin 1.2.9
  • Phpmyadmin 1.2.9.1
  • Phpmyadmin 1.2.9.2
  • Phpmyadmin 1.2.9.3
  • Phpmyadmin 1.2.9.4
  • Phpmyadmin 1.2.9.5
  • Phpmyadmin 1.3
  • Phpmyadmin 1.3.0
  • Phpmyadmin 1.3.1
  • Phpmyadmin 2.0.5
  • Phpmyadmin 2.1.0
  • Phpmyadmin 2.2.0
  • Phpmyadmin 2.3.0
  • Phpmyadmin 2.4.0
  • Phpmyadmin 2.5.0
  • Phpmyadmin 2.6.0
  • Phpmyadmin 2.7.0
  • Phpmyadmin 2.8.0
  • Phpmyadmin 2.9.0
  • Phpmyadmin 2.9.0.1
  • Phpmyadmin 2.9.0.2
  • Phpmyadmin 2.9.0.3
  • Phpmyadmin 2.9.1
  • Phpmyadmin 2.10.2
  • Phpmyadmin 2.10.3
  • Phpmyadmin 2.11.0
  • Phpmyadmin 2.11.1.0
  • Phpmyadmin 2.11.1.1
  • Phpmyadmin 2.11.1.2
  • Phpmyadmin 2.11.2.0
  • Phpmyadmin 2.11.2.1
  • Phpmyadmin 2.11.2.2
  • Phpmyadmin 2.11.3.0
  • Phpmyadmin 2.11.4.0
  • Phpmyadmin 2.11.5.0
  • Phpmyadmin 2.11.5.1
  • Phpmyadmin 2.11.5.2
  • Phpmyadmin 2.11.6.0
  • Phpmyadmin 2.11.7.0
  • Phpmyadmin 2.11.7.1
  • Phpmyadmin 2.11.8.0
  • Phpmyadmin 2.11.9.0
  • Phpmyadmin 2.11.9.1
  • Phpmyadmin 2.11.9.2
  • Phpmyadmin 2.11.9.3
  • Phpmyadmin 2.11.9.4
  • Phpmyadmin 2.11.9.5
  • Phpmyadmin 2.11.9.6
  • Phpmyadmin 2.11.10.0
  • Phpmyadmin 2.11.10.1
  • Phpmyadmin 2.11.11
  • Phpmyadmin 2.11.11.1
  • Phpmyadmin 2.11.11.2
  • Phpmyadmin 2.11.11.3
  • Phpmyadmin 3.0.0
  • Phpmyadmin 3.0.1
  • Phpmyadmin 3.0.1.1
  • Phpmyadmin 3.1.0
  • Phpmyadmin 3.1.1
  • Phpmyadmin 3.1.2
  • Phpmyadmin 3.1.3
  • Phpmyadmin 3.1.3.1
  • Phpmyadmin 3.1.3.2
  • Phpmyadmin 3.1.4
  • Phpmyadmin 3.1.5
  • Phpmyadmin 3.2.0
  • Phpmyadmin 3.2.1
  • Phpmyadmin 3.2.2
  • Phpmyadmin 3.3.0
  • Phpmyadmin 3.3.0.0
  • Phpmyadmin 3.3.1.0
  • Phpmyadmin 3.3.2.0
  • Phpmyadmin 3.3.3.0
  • Phpmyadmin 3.3.4.0
  • Phpmyadmin 3.3.5.0
  • Phpmyadmin 3.3.5.1
  • Phpmyadmin 3.3.6
  • Phpmyadmin 3.3.7
  • Phpmyadmin 3.3.8
  • Phpmyadmin 3.3.8.1
  • Phpmyadmin 3.3.9
  • Phpmyadmin 3.3.9.0
  • Phpmyadmin 3.3.9.1
  • Phpmyadmin 3.3.9.2
  • Phpmyadmin 3.3.10
  • Phpmyadmin 3.3.10.0
  • Phpmyadmin 3.3.10.1
  • Phpmyadmin 3.3.10.2
  • Phpmyadmin 3.3.10.3
  • Phpmyadmin 3.3.10.4
  • Phpmyadmin 3.3.10.5
  • Phpmyadmin 3.4.0
  • Phpmyadmin 3.4.0.0
  • Phpmyadmin 3.4.1
  • Phpmyadmin 3.4.1.0
  • Phpmyadmin 3.4.2
  • Phpmyadmin 3.4.2.0
  • Phpmyadmin 3.4.3
  • Phpmyadmin 3.4.3.0
  • Phpmyadmin 3.4.3.1
  • Phpmyadmin 3.4.3.2
  • Phpmyadmin 3.4.4
  • Phpmyadmin 3.4.4.0
  • Phpmyadmin 3.4.5
  • Phpmyadmin 3.4.5.0
  • Phpmyadmin 3.4.6

CVE Information:

CVE-2018-11768

Disclosure Timeline:

Publish Date: 06/05/2019
