Описание
Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues:
- phpMyAdmin was updated to 4.9.6
- CVE-2020-26934: Fixed an XSS relating to the transformation feature (boo#1177561).
- CVE-2020-26935: Fixed an SQL injection in SearchController (boo#1177562).
Список пакетов
SUSE Package Hub 12
phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP1
phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP2
phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Leap 15.1
phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Leap 15.2
phpMyAdmin-4.9.6-bp152.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1675-1
- SUSE Security Ratings
- SUSE Bug 1177561
- SUSE Bug 1177562
- SUSE CVE CVE-2020-26934 page
- SUSE CVE CVE-2020-26935 page
Описание
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
Затронутые продукты
SUSE Package Hub 12:phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP2:phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Leap 15.1:phpMyAdmin-4.9.6-bp152.2.3.1
Ссылки
- CVE-2020-26934
- SUSE Bug 1177561
Описание
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
Затронутые продукты
SUSE Package Hub 12:phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.6-bp152.2.3.1
SUSE Package Hub 15 SP2:phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Leap 15.1:phpMyAdmin-4.9.6-bp152.2.3.1
Ссылки
- CVE-2020-26935
- SUSE Bug 1177562