Upstream information
Description
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 3.5 |
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
| Access Vector | Network |
| Access Complexity | Medium |
| Authentication | Single |
| Confidentiality Impact | None |
| Integrity Impact | Partial |
| Availability Impact | None |
| National Vulnerability Database | |
|---|---|
| Base Score | 5.4 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | None |
| CVSSv3 Version | 3.1 |
SUSE Security Advisories:
- openSUSE-SU-2020:0405-1, published Thu Dec 7 12:55:39 2023
- openSUSE-SU-2020:0427-1, published Thu Dec 7 12:55:39 2023
- openSUSE-SU-2020:1806-1, published Thu Dec 7 12:55:41 2023
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Package Hub 12 |
| Patchnames: openSUSE-2020-1806 openSUSE-2020-405 |
| SUSE Package Hub 15 SP1 |
| Patchnames: openSUSE-2020-1806 openSUSE-2020-427 |
| SUSE Package Hub 15 |
| Patchnames: openSUSE-2020-1806 |
| openSUSE Leap 15.1 |
| Patchnames: openSUSE-2020-1806 openSUSE-2020-405 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11171 |
SUSE Timeline for this CVE
CVE page created: Sun Mar 22 13:57:51 2020CVE page last modified: Tue Sep 3 19:16:04 2024