{"id":"MGASA-2020-0383","summary":"Updated phpmyadmin packages fix security vulnerabilities","details":"A vulnerability was discovered where an attacker can cause an XSS attack\nthrough the transformation feature. If an attacker sends a crafted link to\nthe victim with the malicious JavaScript, when the victim clicks on the link,\nthe JavaScript will run and complete the instructions made by the attacker.\n(CVE-2020-26934)\n\nAn SQL injection vulnerability was discovered in how phpMyAdmin processes\nSQL statements in the search feature. An attacker could use this flaw to\ninject malicious SQL in to a query. (CVE-2020-26935)\n","modified":"2026-02-02T07:02:58.246815Z","published":"2020-10-16T15:44:59Z","related":["CVE-2020-26934","CVE-2020-26935"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0383.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=27379"},{"type":"REPORT","url":"https://www.phpmyadmin.net/news/2020/10/10/phpmyadmin-496-and-503-are-released/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2020-5/"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2020-6/"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.9.6-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0383.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}