Advisories ยป MGASA-2020-0383

Updated phpmyadmin packages fix security vulnerabilities

Publication date: 16 Oct 2020
Modification date: 16 Oct 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-26934 , CVE-2020-26935

Description

A vulnerability was discovered where an attacker can cause an XSS attack
through the transformation feature. If an attacker sends a crafted link to
the victim with the malicious JavaScript, when the victim clicks on the link,
the JavaScript will run and complete the instructions made by the attacker.
(CVE-2020-26934)

An SQL injection vulnerability was discovered in how phpMyAdmin processes
SQL statements in the search feature. An attacker could use this flaw to
inject malicious SQL in to a query. (CVE-2020-26935)
                

References

SRPMS

7/core