SUSE Package Hub - openSUSE-2020-56

Update Info

openSUSE-2020-56

Security update for phpMyAdmin

Type: security

Severity: important

Issued: 2020-01-14

Description:

This update for phpMyAdmin to version 4.9.4 fixes the following issues:

- CVE-2020-5504: SQL injection in user accounts page (boo#1160456).

References

CVE: CVE-2020-5504
CVE: CVE-2019-18622
CVE: CVE-2019-12922
Bugzilla: 1160456 VUL-0: CVE-2020-5504: phpMyAdmin: SQL injection in user accounts page
Bugzilla: 1157614 VUL-0: CVE-2019-18622: phpMyAdmin: SQL injection in Designer feature (PMASA-2019-5)
Bugzilla: 1150914 VUL-0: CVE-2019-12922: phpMyAdmin: CSRF allows deletion of any server in the Setup page

Packages

phpMyAdmin-4.9.4-bp151.3.12.1