Source: phpmyadmin
Version: 4:4.9.4+dfsg1-1
Severity: important
Tags: security upstream

Hi,

The following vulnerability was published for phpmyadmin.

CVE-2020-10804[0]:
| In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection
| vulnerability was found in retrieval of the current username (in
| libraries/classes/Server/Privileges.php and
| libraries/classes/UserPassword.php). A malicious user with access to
| the server could create a crafted username, and then trick the victim
| into performing specific actions with that user account (such as
| editing its privileges).


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-10804
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804
[1] https://www.phpmyadmin.net/security/PMASA-2020-2/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
