Advisories ยป MGASA-2020-0383

Updated phpmyadmin packages fix security vulnerabilities

Publication date: 16 Oct 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-26934 , CVE-2020-26935


A vulnerability was discovered where an attacker can cause an XSS attack
through the transformation feature. If an attacker sends a crafted link to
the victim with the malicious JavaScript, when the victim clicks on the link,
the JavaScript will run and complete the instructions made by the attacker.

An SQL injection vulnerability was discovered in how phpMyAdmin processes
SQL statements in the search feature. An attacker could use this flaw to
inject malicious SQL in to a query. (CVE-2020-26935)