DescriptionIn phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.SUSE Bugzilla entry: 1160456 [IN_PROGRESS] SUSE Security Advisories:
- openSUSE-SU-2020:0056-1, published Tue, 14 Jan 2020 21:16:59 +0100 (CET)
List of released packages
|Product(s)||Fixed package version(s)||References|
|SUSE Package Hub for SUSE Linux Enterprise 12|| ||Patchnames:
|openSUSE Leap 15.1|| ||Patchnames: