Upstream information

CVE-2020-5504 at MITRE

Description

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 1160456 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) | Fixed package version(s) | References
SUSE Package Hub for SUSE Linux Enterprise 12 | phpMyAdmin >= 4.9.4-40.1 | Patchnames: openSUSE-2020-56
openSUSE Leap 15.1 | phpMyAdmin >= 4.9.4-lp151.2.12.1 | Patchnames: openSUSE-2020-56