CVE-2020-5504 (https://nvd.nist.gov/vuln/detail/CVE-2020-5504): In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad

commit d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
AuthorDate: 2020-04-15 23:55:49 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>
CommitDate: 2020-04-15 23:56:15 +0000

    dev-db/phpmyadmin: Drop vulnerable release.

    Bug: https://bugs.gentoo.org/714014
    Bug: https://bugs.gentoo.org/715660
    Bug: https://bugs.gentoo.org/717630
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <jmbsvicetto@gentoo.org>

 dev-db/phpmyadmin/Manifest                |  1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.2.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)
Thanks!