advisories/24238.adv

type: security
subject: Updated phpmyadmin packages fix security vulnerabilities
src:
  6:
   core:
     - phpmyadmin-4.7.8-4.mga6
description: |
  - Possible SQL injection in Designer feature
  - When AllowArbitraryServer configuration set to true, with the use of a
  rogue MySQL server, an attacker can read any file on the server that the
  web server's user can access.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24238
 - https://www.phpmyadmin.net/security/PMASA-2019-1/
 - https://www.phpmyadmin.net/security/PMASA-2019-2/
ID: MGASA-2019-0057
1	type: security
2	subject: Updated phpmyadmin packages fix security vulnerabilities
3	src:
4	6:
5	core:
6	- phpmyadmin-4.7.8-4.mga6
7	description: \|
8	- Possible SQL injection in Designer feature
9	- When AllowArbitraryServer configuration set to true, with the use of a
10	rogue MySQL server, an attacker can read any file on the server that the
11	web server's user can access.
12	references:
13	- https://bugs.mageia.org/show_bug.cgi?id=24238
14	- https://www.phpmyadmin.net/security/PMASA-2019-1/
15	- https://www.phpmyadmin.net/security/PMASA-2019-2/
16	ID: MGASA-2019-0057