VDB

GCVE-110-MAGEIA-2020-33

GCVE-110-MAGEIA-2020-33
Advisory Published
Vulnetix · Advisory published January 11, 2020
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server (CVE-2020-5504).

Affected Products

VendorProductVersionsPlatforms
Mageiaphpmyadmin4.9.4-1.mga7 (unaffected), 0 (affected), 4.9.4-1.mga7 (unaffected), 0 (affected)
Mageiacalibre0 (affected), 3.42.0-3.mga7 (unaffected)

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›