[phpMyAdmin Developers] Bug Posted by Another User

18 Sep 2019


      It “seems" it would be an easy fix.  According to the original poster it says he alerted the development team.
I searched the archive and maybe he private messaged a couple developers?
https://www.cvedetails.com/cve/CVE-2019-12922/ https://www.cvedetails.com/cve/CVE-2019-12922/
https://seclists.org/fulldisclosure/2019/Sep/23 https://seclists.org/fulldisclosure/2019/Sep/23
The bug would have very low probability of exploit. You would have to be logged into an existing phpmyadmin session and simultaneously trick the user to click on a link while in the setup stage.
Thought I would post here that the bug is publicly posted.
Thanks,
Todd
P.S.  Enjoy phpmyadmin.  Been using it off and on over a decade.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

[phpMyAdmin Developers] Bug Posted by Another User