CVE-2019-6799: Information Exposure

January 26, 2019 (updated February 28, 2019)

When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server’s user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of options(MYSQLI_OPT_LOCAL_INFILE calls.

References

www.securityfocus.com/bid/106736
nvd.nist.gov/vuln/detail/CVE-2019-6799
www.phpmyadmin.net/security/PMASA-2019-1/

Detect and mitigate CVE-2019-6799 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →