SQL Injection in phpMyAdmin Versions by phpMyAdmin
CVE-2020-10803

5.4 MEDIUM

Key Information:

Vendor: phpMyAdmin
CVE Published: 22 March 2020

Summary

A SQL injection vulnerability exists in phpMyAdmin versions prior to 4.9.5 and 5.0.2 that can lead to XSS exploitation. The attacker must be able to insert malicious code into specific database tables. When this crafted data is later retrieved, particularly through the Browse tab in the application, unintended scripts can execute in the user's browser. Keeping phpMyAdmin updated mitigates this risk.

CVSS V3.1

Score: 5.4
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
