MGASA-2020-0383

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0383.html

Import Source

https://advisories.mageia.org/MGASA-2020-0383.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2020-0383

Related

Published

2020-10-16T15:44:59Z

Modified

2020-10-16T15:07:08Z

Summary

Updated phpmyadmin packages fix security vulnerabilities

Details

A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. (CVE-2020-26934)

An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. (CVE-2020-26935)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:rpm/mageia/phpmyadmin?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.9.6-1.mga7

Ecosystem specific

{
    "section": "core"
}