Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian LTS: Security Advisory for phpmyadmin (DLA-2413-1)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update for the 'phpmyadmin' package(s) announced via the DLA-2413-1 advisory.
Insight
Insight
Several vulnerabilities were found in package phpmyadmin. CVE-2019-19617 phpMyAdmin does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes /Footer.php. CVE-2020-26934 A vulnerability was discovered where an attacker can cause an XSS attack through the transformation feature. If an attacker sends a crafted link to the victim with the malicious JavaScript, when the victim clicks on the link, the JavaScript will run and complete the instructions made by the attacker. CVE-2020-26935 An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
Affected Software
Affected Software
'phpmyadmin' package(s) on Debian Linux.
Detection Method
Detection Method
Checks if a vulnerable package version is present on the target host.
Solution
Solution
For Debian 9 stretch, these problems have been fixed in version 4.6.6-4+deb9u2. We recommend that you upgrade your phpmyadmin packages.