An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26935
Reference (s):
- FEDORA:FEDORA-2020-43d8624421
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- FEDORA:FEDORA-2020-4e78c86902
- URL: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- FEDORA:FEDORA-2020-eadda524a8