Description
Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues:
Update to 4.9.11:
- CVE-2023-25727: Fixed XSS vulnerability in drag-and-drop upload (boo#1208186).
Package list
SUSE Package Hub 12
phpMyAdmin-4.9.11-bp153.2.6.1
SUSE Package Hub 15 SP3
phpMyAdmin-4.9.11-bp153.2.6.1
openSUSE Leap 15.3
phpMyAdmin-4.9.11-bp153.2.6.1
References
- E-Mail link for openSUSE-SU-2023:0154-1
- SUSE Security Ratings
- SUSE Bug 1092345
- SUSE Bug 1170743
- SUSE Bug 1195017
- SUSE Bug 1208186
- SUSE CVE CVE-2022-23807 page
- SUSE CVE CVE-2023-25727 page
Description
An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.9.11-bp153.2.6.1
SUSE Package Hub 15 SP3:phpMyAdmin-4.9.11-bp153.2.6.1
openSUSE Leap 15.3:phpMyAdmin-4.9.11-bp153.2.6.1
References
- CVE-2022-23807
- SUSE Bug 1195017
Description
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.9.11-bp153.2.6.1
SUSE Package Hub 15 SP3:phpMyAdmin-4.9.11-bp153.2.6.1
openSUSE Leap 15.3:phpMyAdmin-4.9.11-bp153.2.6.1
References
- CVE-2023-25727
- SUSE Bug 1208186