Announcement-ID: PMASA-2019-2
Date: 2019-01-22
SQL injection in Designer feature
A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
We consider this vulnerability to be serious.
phpMyAdmin versions from 4.5.0 through 4.8.4 are affected.
Upgrade to phpMyAdmin 4.8.5 or newer, or apply the patch listed below.
Thanks to YU-HSIANG HUANG (huang.yuhsiang.phone@gmail.com), YUNG-HAO TSENG, and Eddie TC CHANG for reporting this vulnerability.
Assigned CVE ids: CVE-2019-6798
The following commits have been made on the 4.8 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.