Debian 10261 Published by

A phpmyadmin security update has been released for Debian GNU/Linux 9 Extended LTS to two security issues.



ELA-911-1 phpmyadmin security update

Package : phpmyadmin
Version : 4:4.6.6-4+deb9u3 (stretch)

Related CVEs :
CVE-2020-22452
CVE-2023-25727

phpMyAdmin is a popular MySQL web administration tool. The following security vulnerabilities have been addressed:

CVE-2020-22452
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

CVE-2023-25727
In phpMyAdmin an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

ELA-911-1 phpmyadmin security update