SUSE Package Hub - openSUSE-2020-405

Update Info

openSUSE-2020-405

Security update for phpMyAdmin

Type: security

Severity: moderate

Issued: 2020-03-29

Description:

This update for phpMyAdmin to version 4.9.5 fixes the following issues:

- phpmyadmin was updated to 4.9.5: 

- CVE-2020-10804: Fixed an SQL injection in the user accounts page, 
  particularly when changing a password (boo#1167335 PMASA-2020-2).
- CVE-2020-10802: Fixed an SQL injection in the search feature 
  (boo#1167336 PMASA-2020-3).
- CVE-2020-10803: Fixed an SQL injection and XSS when displaying 
  results (boo#1167337 PMASA-2020-4).
- Removed the "options" field for the external transformation.

References

CVE: CVE-2020-10804
CVE: CVE-2020-10803
CVE: CVE-2020-10802
Bugzilla: 1167337 VUL-0: CVE-2020-10803: phpMyAdmin: SQL injection relating to data display (PMASA-2020-4)
Bugzilla: 1167336 VUL-0: CVE-2020-10802: phpMyAdmin: SQL injection relating to searching (PMASA-2020-3)
Bugzilla: 1167335 VUL-0: CVE-2020-10804: phpMyAdmin: SQL injection with processing username (PMASA-2020-2)

Packages

phpMyAdmin-4.9.5-43.1