{"id":"MGASA-2020-0033","summary":"Updated phpmyadmin packages fix security vulnerability","details":"Updated phpmyadmin package fix security vulnerability:\n\nA SQL injection flaw has been discovered in the user accounts page. A\nmalicious user could inject custom SQL in place of their own username\nwhen creating queries to this page. An attacker must have a valid MySQL\naccount to access the server (CVE-2020-5504).\n","modified":"2026-04-16T01:45:36.301848027Z","published":"2020-01-11T23:52:04Z","upstream":["CVE-2020-5504"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0033.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26036"},{"type":"WEB","url":"https://www.phpmyadmin.net/news/2020/1/8/phpmyadmin-494-and-501-are-released/"},{"type":"WEB","url":"https://www.phpmyadmin.net/security/PMASA-2020-1/"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.4-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0033.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}