CVE-2019-6799


01/26/2019

CVE-2019-6799

An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server’s user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of “options(MYSQLI_OPT_LOCAL_INFILE” calls.

References: 
https://www.phpmyadmin.net/security/PMASA-2019-1/



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *