{"id":"USN-4639-1","summary":"phpmyadmin vulnerabilities","details":"It was discovered that there was a bug in the way phpMyAdmin handles the\nphpMyAdmin Configuration Storage tables. An authenticated attacker could\nuse this vulnerability to cause phpMyAdmin to leak sensitive files.\n(CVE-2018-19968)\n\nIt was discovered that phpMyAdmin incorrectly handled user input. An\nattacker could possibly use this for an XSS attack. (CVE-2018-19970)\n\nIt was discovered that phpMyAdmin mishandled certain input. An attacker\ncould use this vulnerability to execute a cross-site scripting (XSS) attack\nvia a crafted URL. (CVE-2018-7260)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An\nattacker could use this vulnerability to execute an SQL injection attack\nvia a specially crafted database name. (CVE-2019-11768)\n\nIt was discovered that phpMyAdmin incorrectly handled some requests. An\nattacker could possibly use this to perform a CSRF attack. (CVE-2019-12616)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An\nattacker could use this vulnerability to execute an SQL injection attack\nvia a specially crafted username. (CVE-2019-6798, CVE-2020-10804,\nCVE-2020-5504)\n\nIt was discovered that phpMyAdmin would allow sensitive files to be leaked\nif certain configuration options were set. An attacker could use this\nvulnerability to access confidential information. (CVE-2019-6799)\n\nIt was discovered that phpMyAdmin failed to sanitize certain input. An\nattacker could use this vulnerability to execute an SQL injection attack\nvia a specially crafted database or table name. (CVE-2020-10802)\n\nIt was discovered that phpMyAdmin did not properly handle data from the\ndatabase when displaying it. If an attacker were to insert specially-\ncrafted data into certain database tables, the attacker could execute a\ncross-site scripting (XSS) attack. (CVE-2020-10803)\n\nIt was discovered that phpMyAdmin was vulnerable to an XSS attack. 
If a\nvictim were to click on a crafted link, an attacker could run malicious\nJavaScript on the victim's system. (CVE-2020-26934)\n\nIt was discovered that phpMyAdmin did not properly handle certain SQL\nstatements in the search feature. An attacker could use this vulnerability\nto inject malicious SQL into a query. (CVE-2020-26935)\n\nIt was discovered that phpMyAdmin did not properly sanitize certain input.\nAn attacker could use this vulnerability to possibly execute an HTML injection\nor a cross-site scripting (XSS) attack. (CVE-2019-19617)\n","modified":"2026-04-27T19:02:48.915048366Z","published":"2020-11-19T15:01:30Z","related":["UBUNTU-CVE-2018-19968","UBUNTU-CVE-2018-19970","UBUNTU-CVE-2018-7260","UBUNTU-CVE-2019-11768","UBUNTU-CVE-2019-12616","UBUNTU-CVE-2019-19617","UBUNTU-CVE-2019-6798","UBUNTU-CVE-2019-6799","UBUNTU-CVE-2020-10802","UBUNTU-CVE-2020-10803","UBUNTU-CVE-2020-10804","UBUNTU-CVE-2020-26934","UBUNTU-CVE-2020-26935","UBUNTU-CVE-2020-5504"],"upstream":["CVE-2018-19968","CVE-2018-19970","CVE-2018-7260","CVE-2019-11768","CVE-2019-12616","CVE-2019-19617","CVE-2019-6798","CVE-2019-6799","CVE-2020-10802","CVE-2020-10803","CVE-2020-10804","CVE-2020-26934","CVE-2020-26935","CVE-2020-5504","UBUNTU-CVE-2018-19968","UBUNTU-CVE-2018-19970","UBUNTU-CVE-2018-7260","UBUNTU-CVE-2019-11768","UBUNTU-CVE-2019-12616","UBUNTU-CVE-2019-19617","UBUNTU-CVE-2019-6798","UBUNTU-CVE-2019-6799","UBUNTU-CVE-2020-10802","UBUNTU-CVE-2020-10803","UBUNTU-CVE-2020-10804","UBUNTU-CVE-2020-26934","UBUNTU-CVE-2020-26935","UBUNTU-CVE-2020-5504"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4639-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-7260"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19968"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-19970"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-6798"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-6799"},{"type":"RE
PORT","url":"https://ubuntu.com/security/CVE-2019-11768"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-12616"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-19617"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-5504"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10802"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10803"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-10804"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26934"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-26935"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/phpmyadmin@4:4.6.6-5ubuntu0.5?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4:4.6.6-5ubuntu0.5"}]}],"versions":["4:4.6.6-5"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"phpmyadmin","binary_version":"4:4.6.6-5ubuntu0.5"}]},"database_specific":{"cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[{"id":"CVE-2018-7260","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2018-19968","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2018-19970","severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-6798"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-6799"},{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-11768"},{"id":"CVE-2019-12616","se
verity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2019-19617","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"id":"CVE-2020-5504","severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}]},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-10802"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-10803"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-10804"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-26934"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-26935"}]},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4639-1.json"}}],"schema_version":"1.7.5"}