ELA-911-1 phpmyadmin security update
Package : phpmyadmin
Version : 4:4.6.6-4+deb9u3 (stretch)
Related CVEs :
phpMyAdmin is a popular MySQL web administration tool. The following security vulnerabilities have been addressed:
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
In phpMyAdmin an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
A phpmyadmin security update has been released for Debian GNU/Linux 9 Extended LTS to two security issues.