Hi everybody, I am a phpMyAdmin team member and I wrote the patch and found the security vulnerability.
So please chose between: - Consider uploading the 4.9.2 version and make happy users by new features and bug fixes - Trust me and set the CVE as unaffected versions before 4.7.7 are not affected because the code does not support the special characters you need to trigger the injection. I do not want to be misunderstood this is why my message is straightforward. Have a nice day, William -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to the bug report. https://bugs.launchpad.net/bugs/1854373 Title: CVE affecting phpMyAdmin 4.x To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/phpmyadmin/+bug/1854373/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs