{"affected":[{"ecosystem_specific":{"binaries":[{"phpMyAdmin":"4.9.7-bp151.3.24.1"}]},"package":{"ecosystem":"SUSE:Package Hub 12","name":"phpMyAdmin","purl":"pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.7-bp151.3.24.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"phpMyAdmin":"4.9.7-bp151.3.24.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15","name":"phpMyAdmin","purl":"pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.7-bp151.3.24.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"phpMyAdmin":"4.9.7-bp151.3.24.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP1","name":"phpMyAdmin","purl":"pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.7-bp151.3.24.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"phpMyAdmin":"4.9.7-bp151.3.24.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.1","name":"phpMyAdmin","purl":"pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.9.7-bp151.3.24.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for phpMyAdmin fixes the following issues:\n\nphpMyAdmin was updated to 4.9.7 (boo#1177842):\n  * Fix two factor authentication that was broken in 4.9.6\n  * Fix incompatibilities with older PHP versions\n\nUpdate to 4.9.6:\n\n- Fixed XSS relating to the transformation feature (boo#1177561 CVE-2020-26934, PMASA-2020-5)\n- Fixed SQL injection vulnerability in SearchController (boo#1177562 CVE-2020-26935, PMASA-2020-6) \n\nUpdate to 4.9.5:\n\nThis is a security release containing several bug fixes.\n\n  * CVE-2020-10804: SQL injection vulnerability in the user\n    accounts page, particularly when changing a password\n    (boo#1167335, PMASA-2020-2)\n  * CVE-2020-10802: SQL injection vulnerability relating to the\n    search feature (boo#1167336, PMASA-2020-3)\n  * CVE-2020-10803: SQL injection and XSS having to do with\n    displaying results (boo#1167337, PMASA-2020-4)\n  * Removing of the 'options' field for the external\n    transformation.\n  \n","id":"openSUSE-SU-2020:1806-1","modified":"2020-11-01T11:23:27Z","published":"2020-11-01T11:23:27Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KALR6PYMDCEFCQ6GUH5PGVPKTXVHV3YS/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167335"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167336"},{"type":"REPORT","url":"https://bugzilla.suse.com/1167337"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177561"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177562"},{"type":"REPORT","url":"https://bugzilla.suse.com/1177842"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10802"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-10804"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26934"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-26935"}],"related":["CVE-2020-10802","CVE-2020-10803","CVE-2020-10804","CVE-2020-26934","CVE-2020-26935"],"summary":"Security update for phpMyAdmin","upstream":["CVE-2020-10802","CVE-2020-10803","CVE-2020-10804","CVE-2020-26934","CVE-2020-26935"]}