Updated phpmyadmin packages fix security vulnerabilities

2020-10-1618:44:59

Gentoo Foundation

advisories.mageia.org

0.008 Low

EPSS

Percentile

82.0%

JSON

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. (CVE-2020-26934) An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. (CVE-2020-26935)

OSVersionArchitecturePackageVersionFilename
Mageia7noarchphpmyadmin< 4.9.6-1phpmyadmin-4.9.6-1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	7	noarch	phpmyadmin	< 4.9.6-1	phpmyadmin-4.9.6-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=27379

www.phpmyadmin.net/news/2020/10/10/phpmyadmin-496-and-503-are-released/

www.phpmyadmin.net/security/PMASA-2020-5/

www.phpmyadmin.net/security/PMASA-2020-6/

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for MGASA-2020-0383