Bug 701830 (CVE-2019-18622) - <dev-db/phpmyadmin-4.9.2: a crafted database/table name can be used to trigger an SQL injection attack through the designer feature (CVE-2019-18622)
Summary: <dev-db/phpmyadmin-4.9.2: a crafted database/table name can be used to trigge...
Alias: CVE-2019-18622
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa+ cve]
Depends on:
Reported: 2019-12-02 22:52 UTC by GLSAMaker/CVETool Bot
Modified: 2020-03-19 16:21 UTC

See Also:
Package list:
=dev-db/phpmyadmin-4.9.2 amd64 ppc ppc64 sparc x86
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-02 22:52:06 UTC
CVE-2019-18622 (
  An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table
  name can be used to trigger an SQL injection attack through the designer
Comment 1 Miroslav Šulc gentoo-dev 2019-12-03 10:37:23 UTC
We have had 4.9.2 (unaffected) in the tree for ~2 days.

commit b393a9bdd8e49c2a75c1760190fd864362b8532f
Author: Miroslav Šulc <>
Date:   Sun Dec 1 19:37:04 2019 +0100

    dev-db/phpmyadmin-4.9.2: bump
    Package-Manager: Portage-2.3.80, Repoman-2.3.19
    Signed-off-by: Miroslav Šulc <>

It's a security and bugfix release:

I suppose it can go stable, so archs please stabilize.
Comment 2 Agostino Sarubbo gentoo-dev 2019-12-09 13:10:52 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-10 08:54:21 UTC
x86 stable
Comment 4 Agostino Sarubbo gentoo-dev 2019-12-10 08:56:39 UTC
ppc64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2019-12-10 08:57:18 UTC
sparc stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-12-10 10:56:01 UTC
ppc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 7 Larry the Git Cow gentoo-dev 2019-12-10 11:03:15 UTC
The bug has been referenced in the following commit(s):

commit d6b3b97b42cb8014c6beb424a3d7e604e3e1f052
Author:     Miroslav Šulc <>
AuthorDate: 2019-12-10 11:02:51 +0000
Commit:     Miroslav Šulc <>
CommitDate: 2019-12-10 11:02:51 +0000

    dev-db/phpmyadmin-4.9.1: removed old and vulnerable
    Package-Manager: Portage-2.3.81, Repoman-2.3.20
    Signed-off-by: Miroslav Šulc <>

 dev-db/phpmyadmin/Manifest                |  1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.1.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2020-03-19 16:05:37 UTC
New GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2020-03-19 16:21:05 UTC
This issue was resolved and addressed in
 GLSA 202003-39 at
by GLSA coordinator Thomas Deutschmann (whissi).