MGASA-2020-0383

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0383.html

Import Source

https://advisories.mageia.org/MGASA-2020-0383.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0383

Related

Published

2020-10-16T15:44:59Z

Modified

2020-10-16T15:07:08Z

Summary

Updated phpmyadmin packages fix security vulnerabilities

Details

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. (CVE-2020-26934)

An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. (CVE-2020-26935)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2020-0383

Affected packages