Two security issues were discovered in phpmyadmin:
Updated phpmyadmin packages fix security vulnerabilities:
A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature. (PMASA-2019-3)
A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim. (PMASA-2019-4)
Updated packages in core/updates_testing:
These issues also affect Cauldron/Mageia 7 and need to be fixed there as well.
Fixed upstream in 4.9.0
Already put a freeze push request for Cauldron.
Installed and tested without issues.
Normal use and some extra testing revealed no issues.
System: Mageia 6, x86_64, Apache, MariaDB, Firefox, Chromium, Intel CPU.
$ uname -a
Linux marte 4.14.121-desktop-1.mga6 #1 SMP Wed May 22 12:26:58 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q phpmyadmin apache mariadb
phpmyadmin-18.104.22.168-1.mga7 has been pushed in Cauldron. Thanks.
Validating. Advisory information in Comment 1.
An update for this issue has been pushed to the Mageia Updates repository.