[phpMyAdmin Developers] Bug Posted by Another User

Todd Reed tdreed at abrimos.com
Wed Sep 18 12:55:41 CEST 2019


It “seems" it would be an easy fix.  According to the original poster it says he alerted the development team.

I searched the archive and maybe he private messaged a couple developers?

https://www.cvedetails.com/cve/CVE-2019-12922/ <https://www.cvedetails.com/cve/CVE-2019-12922/>

https://seclists.org/fulldisclosure/2019/Sep/23 <https://seclists.org/fulldisclosure/2019/Sep/23>

The bug would have very low probability of exploit. You would have to be logged into an existing phpmyadmin session and simultaneously trick the user to click on a link while in the setup stage.

Thought I would post here that the bug is publicly posted.

Thanks,
Todd

P.S.  Enjoy phpmyadmin.  Been using it off and on over a decade.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.phpmyadmin.net/pipermail/developers/attachments/20190918/c4a35b1f/attachment.html>


More information about the Developers mailing list