Wind River Support Network

HomeDefectsLIN1019-4164
Fixed

LIN1019-4164 : Security Advisory - phpmyadmin - CVE-2020-10803

Created: Mar 23, 2020    Updated: Apr 11, 2020
Resolved Date: Mar 29, 2020
Found In Version: 10.19.45.1
Fix Version: 10.19.45.6
Severity: Standard
Applicable for: Wind River Linux LTS 19
Component/s: Userspace

Description

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

CREATE(Triage):(User=admin) [CVE-2020-10803|https://nvd.nist.gov/vuln/detail/CVE-2020-10803]

CVEs


Live chat
Online