An SQL injection vulnerability was found in how phpMyAdmin prior (phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2) retrieves the current username. User with access to server could create crafted username and trick victim into performing specific actions with the account (editing privileges)
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1816100]
Created phpMyAdmin tracking bugs for this issue: Affects: epel-all [bug 1816101]
External References: https://www.phpmyadmin.net/security/PMASA-2020-2/
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.