FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- SQL injection

Affected packages
phpMyAdmin < 4.9.5
5.0 <= phpMyAdmin < 5.0.2
phpMyAdmin-php72 < 4.9.5
5.0 <= phpMyAdmin-php72 < 5.0.2
phpMyAdmin-php73 < 4.9.5
5.0 <= phpMyAdmin-php73 < 5.0.2
phpMyAdmin-php74 < 4.9.5
5.0 <= phpMyAdmin-php74 < 5.0.2
phpMyAdmin5 < 4.9.5
5.0 <= phpMyAdmin5 < 5.0.2
phpMyAdmin5-php72 < 4.9.5
5.0 <= phpMyAdmin5-php72 < 5.0.2
phpMyAdmin5-php73 < 4.9.5
5.0 <= phpMyAdmin5-php73 < 5.0.2
phpMyAdmin5-php74 < 4.9.5
5.0 <= phpMyAdmin5-php74 < 5.0.2

Details

VuXML ID: 97fcc60a-6ec0-11ea-a84a-4c72b94353b5
Discovery: 2020-03-21
Entry: 2020-03-25

phpMyAdmin Team reports:

PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password

PMASA-2020-3 SQL injection vulnerability relating to the search feature

PMASA-2020-4 SQL injection and XSS having to do with displaying results

Removing of the "options" field for the external transformation

References

URL: https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/