SQL Injection Vulnerability in phpMyAdmin by phpMyAdmin Team
CVE-2020-10804
8HIGH
What is CVE-2020-10804?
A SQL injection vulnerability exists in phpMyAdmin versions prior to 4.9.5 and 5.0.2, specifically within the processes that retrieve the current username. This flaw enables a malicious user with server access to craft a particular username designed to exploit user account actions. If a victim interacts with this compromised account, they could inadvertently alter the user’s privileges, leading to unauthorized access or privilege escalation.