Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 717630 - <dev-db/phpmyadmin-{4.9.4,5.0.1}: SQL injection (CVE-2020-5504)
Summary: <dev-db/phpmyadmin-{4.9.4,5.0.1}: SQL injection (CVE-2020-5504)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B4 [noglsa cve]
Depends on:
Reported: 2020-04-15 21:47 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-04 01:35 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-15 21:47:12 UTC
CVE-2020-5504 (
  In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the
  user accounts page. A malicious user could inject custom SQL in place of
  their own username when creating queries to this page. An attacker must have
  a valid MySQL account to access the server.
Comment 1 Larry the Git Cow gentoo-dev 2020-04-15 23:56:32 UTC
The bug has been referenced in the following commit(s):

commit d702e013bdd2e04a3f78e09c7b198d24b7e8e4ad
Author:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <>
AuthorDate: 2020-04-15 23:55:49 +0000
Commit:     Jorge Manuel B. S. Vicetto (jmbsvicetto) <>
CommitDate: 2020-04-15 23:56:15 +0000

    dev-db/phpmyadmin: Drop vulnerable release.
    Package-Manager: Portage-2.3.96, Repoman-2.3.22
    Signed-off-by: Jorge Manuel B. S. Vicetto (jmbsvicetto) <>

 dev-db/phpmyadmin/Manifest                |  1 -
 dev-db/phpmyadmin/phpmyadmin-4.9.2.ebuild | 61 -------------------------------
 2 files changed, 62 deletions(-)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-04-16 00:22:16 UTC