SQL injection in Designer feature
A vulnerability was reported where a specially crafted username can be used to trigger an SQL injection attack through the designer feature.
We consider this vulnerability to be serious.
phpMyAdmin versions from 4.5.0 through 4.8.4 are affected
Upgrade to phpMyAdmin 4.8.5 or newer or apply patch listed below.
Assigned CVE ids: 2019-6798
The following commits have been made on the 4.8 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.