SQL Injection Vulnerability in phpMyAdmin Affecting Multiple Versions
CVE-2020-10802

8 HIGH

Key Information:

Vendor: phpMyAdmin
CVE Published: 22 March 2020

Summary

A SQL injection vulnerability has been identified in phpMyAdmin versions prior to 4.9.5 and 5.0.2. Certain parameters are not properly escaped when search queries are generated in the TableSearchController component. An attacker can craft a malicious database or table name; a user who then performs certain search operations on that database or table is at risk of having their query manipulated, potentially leading to unauthorized data access.

CVSS V3.1

Score: 8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
