MGASA-2020-0033

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0033.html

Import Source

https://advisories.mageia.org/MGASA-2020-0033.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0033

Related

CVE-2020-5504

Published

2020-01-11T23:52:04Z

Modified

2020-01-11T23:32:20Z

Summary

Updated phpmyadmin packages fix security vulnerability

Details

Updated phpmyadmin package fix security vulnerability:

A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server (CVE-2020-5504).

References

https://advisories.mageia.org/MGASA-2020-0033.html
https://bugs.mageia.org/show_bug.cgi?id=26036
https://www.phpmyadmin.net/news/2020/1/8/phpmyadmin-494-and-501-are-released/
https://www.phpmyadmin.net/security/PMASA-2020-1/

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0033

Affected packages