[phpMyAdmin Developers] Bug Posted by Another User
Todd Reed
tdreed at abrimos.com
Wed Sep 18 12:55:41 CEST 2019
It “seems" it would be an easy fix. According to the original poster it says he alerted the development team.
I searched the archive and maybe he private messaged a couple developers?
https://www.cvedetails.com/cve/CVE-2019-12922/ <https://www.cvedetails.com/cve/CVE-2019-12922/>
https://seclists.org/fulldisclosure/2019/Sep/23 <https://seclists.org/fulldisclosure/2019/Sep/23>
The bug would have very low probability of exploit. You would have to be logged into an existing phpmyadmin session and simultaneously trick the user to click on a link while in the setup stage.
Thought I would post here that the bug is publicly posted.
Thanks,
Todd
P.S. Enjoy phpmyadmin. Been using it off and on over a decade.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.phpmyadmin.net/pipermail/developers/attachments/20190918/c4a35b1f/attachment.html>
More information about the Developers
mailing list