
CVE-2019-19617: phpMyAdmin unsanitized Git information

CVSS Score: 9.8 (CVSS v3.1)

Basic Information

EPSS Score: 0.77599%
CWE: -
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Package Name: phpmyadmin/phpmyadmin
Ecosystem: composer
Vulnerable Versions: < 4.9.2
First Patched Version: 4.9.2

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The vulnerability stems from unescaped output of Git metadata in HTML contexts. The patch wraps variables such as $commit_hash, $branch, $repobase, and $revision in htmlspecialchars(). Both identified functions directly handle the display of Git version information:

  1. GitRevision::display() builds version information links without proper escaping in the original code
  2. Footer::_getDemoMessage() constructs demo messages from raw Git parameters

These functions output Git-derived data (which could be manipulated in a compromised repository) without sanitization, creating XSS vectors. The high confidence comes from the explicit patching of these specific functions with HTML escaping in the provided diff.
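The pattern behind both findings is the same: a value read from the local Git checkout is concatenated into markup and the browser interprets it as HTML. The following is an added example, not phpMyAdmin's code, showing a vulnerable renderer next to a hardened one that applies htmlspecialchars() at the point of output, as the patch does. Function names (renderRevisionUnsafe, renderRevisionSafe, escapeHtml), the sample branch name and the sample commit hash are all constructed for the example.

```php
<?php
// Added example (not phpMyAdmin's code): rendering Git revision metadata
// into HTML. All function and variable names here are hypothetical.

declare(strict_types=1);

/**
 * Escape a value for use as HTML text or inside a double-quoted attribute.
 * ENT_QUOTES covers both quote characters, ENT_SUBSTITUTE avoids returning
 * an empty string on invalid UTF-8, and the explicit charset keeps the
 * escaping consistent with the page encoding.
 */
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Vulnerable pattern: Git metadata concatenated straight into markup.
 * Whatever is in $branch or $commitHash is parsed as HTML by the browser.
 */
function renderRevisionUnsafe(string $repoBase, string $branch, string $commitHash): string
{
    return '<a href="' . $repoBase . '/tree/' . $branch . '">' . $branch . '</a> '
         . '(<a href="' . $repoBase . '/commit/' . $commitHash . '">' . $commitHash . '</a>)';
}

/**
 * Hardened pattern: every Git-derived value is escaped where it enters the
 * HTML output. The commit hash is also checked against the shape Git
 * actually produces, so anything that is not a hex digest is rejected
 * before it reaches the template at all.
 */
function renderRevisionSafe(string $repoBase, string $branch, string $commitHash): string
{
    if (!preg_match('/\A[0-9a-f]{7,40}\z/', $commitHash)) {
        throw new InvalidArgumentException('commit hash has unexpected format');
    }
    $safeBase   = escapeHtml($repoBase);
    $safeBranch = escapeHtml($branch);
    $safeHash   = escapeHtml($commitHash);
    return '<a href="' . $safeBase . '/tree/' . $safeBranch . '">' . $safeBranch . '</a> '
         . '(<a href="' . $safeBase . '/commit/' . $safeHash . '">' . $safeHash . '</a>)';
}

// Constructed input: a branch name carrying markup, as it might look if the
// refs of the checked-out repository had been tampered with.
$repoBase   = 'https://github.com/phpmyadmin/phpmyadmin';
$branch     = 'master"><b>injected</b>';
$commitHash = '0123456789abcdef0123456789abcdef01234567';

// The first line emits a live <b> element and a broken href; the second
// shows the same input rendered as inert text (&quot;&gt;&lt;b&gt;...).
echo renderRevisionUnsafe($repoBase, $branch, $commitHash), PHP_EOL;
echo renderRevisionSafe($repoBase, $branch, $commitHash), PHP_EOL;
```

Escaping at the output boundary rather than when the value is read is what makes this fix robust: the same $branch can be reused in a URL, a log line or a demo message, and each sink applies the encoding appropriate to its own context. The format check on the hash is an added defence-in-depth step, not part of the original patch.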


WAF Protection Rules

WAF Rule

phpMyAdmin before 4.9.2 does not escape certain Git information, related to `libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php`.
