- Plesk for Linux
- PMASA-2019-5 affects phpMyAdmin versions from 4.7.7 through 4.9.2. An SQL injection attack is possible through the designer feature using a specially crafted username.
By default, Plesk servers are not affected.
Plesk does not allow creating database users with special symbols in their names. Only the DB Server Admin can create database users directly via MySQL. Also, injection is possible only into the phpMyAdmin database.
Call to action
For CVE-2019-6798, no action is required if all users were created via Plesk and no one created users manually on the server.
Consider subscribing to this article to be notified when the phpMyAdmin shipped with Plesk is updated to a non-affected version, and keep the Plesk server up to date.
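To confirm that no database users were created manually with special symbols in their names, the MySQL account table can be audited as the DB Server Admin. The query below is an added example, not part of the original article. The allowed character set (letters, digits, underscore) is a conservative assumption, not Plesk's documented naming rule, so a returned row is a candidate for review rather than proof of a problem.

```sql
-- Added example: list MySQL accounts whose user name contains any
-- character outside a conservative set (assumed here: A-Z, a-z, 0-9, _).
-- Run as the database server administrator.
--
-- An empty result means every account name uses only the assumed-safe
-- characters. Any row returned should be checked against the users known
-- to have been created through Plesk.
SELECT
    User,
    Host
FROM mysql.user
WHERE User REGEXP '[^A-Za-z0-9_]'
ORDER BY User, Host;
```

Account names that legitimately use other characters will also appear in the result; compare them with the database users listed in Plesk before deciding whether an account was created manually.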