Description
Security update for phpMyAdmin
This update for phpMyAdmin to version 4.9.4 fixes the following issues:
- CVE-2020-5504: SQL injection in user accounts page (boo#1160456).
Package list
SUSE Package Hub 12
phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15
phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15 SP1
phpMyAdmin-4.9.4-bp151.3.12.1
openSUSE Leap 15.1
phpMyAdmin-4.9.4-bp151.3.12.1
References
- E-Mail link for openSUSE-SU-2020:0056-1
- SUSE Security Ratings
- SUSE Bug 1150914
- SUSE Bug 1157614
- SUSE Bug 1160456
- SUSE CVE CVE-2019-12922 page
- SUSE CVE CVE-2019-18622 page
- SUSE CVE CVE-2020-5504 page
Description
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15:phpMyAdmin-4.9.4-bp151.3.12.1
openSUSE Leap 15.1:phpMyAdmin-4.9.4-bp151.3.12.1
References
- CVE-2019-12922
- SUSE Bug 1150914
Description
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15:phpMyAdmin-4.9.4-bp151.3.12.1
openSUSE Leap 15.1:phpMyAdmin-4.9.4-bp151.3.12.1
References
- CVE-2019-18622
- SUSE Bug 1157614
- SUSE Bug 1158801
Description
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.4-bp151.3.12.1
SUSE Package Hub 15:phpMyAdmin-4.9.4-bp151.3.12.1
openSUSE Leap 15.1:phpMyAdmin-4.9.4-bp151.3.12.1
References
- CVE-2020-5504
- SUSE Bug 1160456