Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 519
Alerts This Week
Warning Icon 1 519

Ubuntu 18.04 LTS USN-4639-1 High: phpMyAdmin XSS and SQL Injection

ubuntu
Calendar Grey November 19, 2020
Dist Ubuntu Esm H88
Major security flaws in phpMyAdmin were fixed in the recent security update by Ubuntu, strongly recommending users to upgrade their installations.
Several security issues were fixed in phpMyAdmin.

Summary

Several security issues were fixed in phpMyAdmin.

Software Description:

- phpmyadmin: MySQL web administration tool

Details:

It was discovered that there was a bug in the way phpMyAdmin handles the

phpMyAdmin Configuration Storage tables. An authenticated attacker could

use this vulnerability to cause phpmyAdmin to leak sensitive files.

(CVE-2018-19968)

It was discovered that phpMyAdmin incorrectly handled user input. An

attacker could possibly use this for an XSS attack. (CVE-2018-19970)

It was discovered that phpMyAdmin mishandled certain input. An attacker

could use this vulnerability to execute a cross-site scripting (XSS) attack

via a crafted URL. (CVE-2018-7260)

It was discovered that phpMyAdmin failed to sanitize certain input. An

attacker could use this vulnerability to execute an SQL injection attack

via a specially crafted database name. (CVE-2019-11768)

It was discovered that phpmyadmin incorrectly handled some requests. An

attacker could ...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 18.04 LTS:
  phpmyadmin                      4:4.6.6-5ubuntu0.5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-4639-1

CVE-2018-19968, CVE-2018-19970, CVE-2018-7260, CVE-2019-11768,

CVE-2019-12616, CVE-2019-6798, CVE-2019-6799, CVE-2020-10802,

CVE-2020-10803, CVE-2020-10804, CVE-2020-26934, CVE-2020-26935,

CVE-2020-5504

November 19, 2020

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.