Package | phpmyadmin |
---|---|
Version | 4:4.6.6-4+deb9u3 (stretch) |
Related CVEs | CVE-2020-22452 CVE-2023-25727 |

phpMyAdmin is a popular MySQL web administration tool. The following security vulnerabilities have been addressed:

- CVE-2020-22452: SQL injection vulnerability in the function getTableCreationQuery in CreateAddField.php in phpMyAdmin, via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
- CVE-2023-25727: In phpMyAdmin, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

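
To illustrate the class of bug behind CVE-2020-22452, the following added example (not phpMyAdmin's code and not the actual patch) shows one way to handle request values that end up as the storage engine and collation of a CREATE TABLE statement. The function names, the sample lists and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added illustration, not phpMyAdmin source. Function names are hypothetical.

// Return the server's own spelling of $value if it is in $allowed.
function pickKnown(string $value, array $allowed, string $what): string
{
    foreach ($allowed as $name) {
        if (strcasecmp($value, $name) === 0) {
            return $name; // emit the trusted name, never the request's text
        }
    }
    throw new InvalidArgumentException("unknown $what");
}

// Build the trailing table options of a CREATE TABLE statement.
// Engine and collation names are not data values, so they cannot be bound
// as prepared-statement parameters; an allow-list check takes that role.
function buildTableOptions(string $engine, string $collation,
                           array $engines, array $collations): string
{
    $sql = '';
    if ($engine !== '') {
        $sql .= ' ENGINE = ' . pickKnown($engine, $engines, 'storage engine');
    }
    if ($collation !== '') {
        $sql .= ' COLLATE = ' . pickKnown($collation, $collations, 'collation');
    }
    return $sql;
}

// Constructed sample lists; a real application would read them from the
// server (SHOW ENGINES, SHOW COLLATION).
$engines    = ['InnoDB', 'MyISAM', 'MEMORY'];
$collations = ['utf8mb4_general_ci', 'latin1_swedish_ci'];

// Well-formed request values (constructed).
echo buildTableOptions('innodb', 'utf8mb4_general_ci', $engines, $collations), "\n";

// Constructed value carrying extra SQL text after the name: rejected.
try {
    buildTableOptions('InnoDB', "latin1_swedish_ci COMMENT = 'x'", $engines, $collations);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```
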
For Debian 9 stretch, these problems have been fixed in version 4:4.6.6-4+deb9u3.
We recommend that you upgrade your phpmyadmin packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.