CVE-2019-6799

Published: 26 January 2019

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFILE, ...) calls.
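As an added illustration (not part of this advisory or of phpMyAdmin's own code), a small audit script that checks for the two preconditions the description names: phpMyAdmin's AllowArbitraryServer setting and the PHP mysqli.allow_local_infile directive. It assumes the settings live in a config.inc.php and a php.ini in their usual syntax; the sample inputs are constructed.

```python
import re

# Constructed sample inputs showing the risky combination (not from a real host).
SAMPLE_PHP_INI = """
; constructed php.ini excerpt
mysqli.allow_local_infile = On
"""

SAMPLE_CONFIG_INC = """<?php
// constructed config.inc.php excerpt
$cfg['AllowArbitraryServer'] = true;
"""

def parse_ini_flag(ini_text, key):
    """Return True/False for an On/Off-style php.ini directive, or None if absent."""
    for line in ini_text.splitlines():
        line = line.split(';', 1)[0].strip()  # drop ';' comments
        if '=' not in line:
            continue
        k, v = (s.strip() for s in line.split('=', 1))
        if k == key:
            return v.strip('"\'').lower() in ('1', 'on', 'true', 'yes')
    return None

def parse_cfg_bool(php_text, name):
    """Return the boolean assigned to $cfg['name'] in config.inc.php, or None if absent."""
    pattern = r'''\$cfg\[['"]%s['"]\]\s*=\s*(true|false)\s*;''' % re.escape(name)
    m = re.search(pattern, php_text, re.I)
    return None if m is None else m.group(1).lower() == 'true'

def audit(php_ini_text, config_inc_text):
    """Report whether the CVE-2019-6799 preconditions (arbitrary server plus
    LOCAL INFILE allowed) are present; returns (exposed, findings)."""
    findings = []
    arbitrary = parse_cfg_bool(config_inc_text, 'AllowArbitraryServer')
    infile = parse_ini_flag(php_ini_text, 'mysqli.allow_local_infile')
    if arbitrary:
        findings.append("AllowArbitraryServer is true: users can point phpMyAdmin at any MySQL host")
    if infile is None:
        findings.append("mysqli.allow_local_infile not set: set it to Off rather than relying on the PHP default")
    elif infile:
        findings.append("mysqli.allow_local_infile is On: the client will honour LOAD DATA LOCAL requests")
    # Exposed only when both conditions hold; an explicit Off for LOCAL INFILE closes the file read.
    exposed = bool(arbitrary) and infile is not False
    return exposed, findings

if __name__ == "__main__":
    exposed, findings = audit(SAMPLE_PHP_INI, SAMPLE_CONFIG_INC)
    print("EXPOSED" if exposed else "ok", findings)
```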

From the Ubuntu security team

It was discovered that phpMyAdmin would allow sensitive files to be leaked if certain configuration options were set. An attacker could use this vulnerability to access confidential information.

Priority

Medium

CVSS 3 base score: 5.9

Status

Package: phpmyadmin (Launchpad, Ubuntu, Debian)

Release                           Status
Upstream                          Released (4.8.5, 4:4.9.1+dfsg1-2)
Ubuntu 21.04 (Hirsute Hippo)      Not vulnerable (4:4.9.2+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla)     Not vulnerable (4:4.9.2+dfsg1-1)
Ubuntu 20.04 LTS (Focal Fossa)    Not vulnerable (4:4.9.2+dfsg1-1)
Ubuntu 18.04 LTS (Bionic Beaver)  Released (4:4.6.6-5ubuntu0.5)
Ubuntu 16.04 ESM (Xenial Xerus)   Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr)    Needed

Patches:
Upstream: https://github.com/phpmyadmin/phpmyadmin/commit/aeac90623e525057a7672ab3d98154b5c57c15ec
Upstream: https://github.com/phpmyadmin/phpmyadmin/commit/c5e01f84ad48c5c626001cb92d7a95500920a900