{"id":"CVE-2019-6799","details":"An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of \"options(MYSQLI_OPT_LOCAL_INFILE\" calls.","aliases":["GHSA-c8wj-q36q-3wg4"],"modified":"2026-04-10T04:19:55.129783Z","published":"2019-01-26T17:29:00.450Z","related":["openSUSE-SU-2019:0194-1","openSUSE-SU-2024:11171-1"],"references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/106736"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/02/msg00039.html"},{"type":"FIX","url":"https://www.phpmyadmin.net/security/PMASA-2019-1/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/phpmyadmin/phpmyadmin","events":[{"introduced":"6da64cc3b2ba4439574f914f51e161645375be96"},{"last_affected":"56ba19808f020fa8ac63366d450c3928564a91b8"}],"database_specific":{"versions":[{"introduced":"4.0.0"},{"last_affected":"4.8.4"}]}}],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-6799.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}