CSV Injection Vulnerability in phpMyAdmin by phpMyAdmin Development Team
CVE-2020-22278

8.8HIGH

Key Information:

Vendor: PHPmyadmin
Status: PHPmyadmin
Vendor: CVE Published:; 4 November 2020

Summary

A vulnerability exists in phpMyAdmin versions up to 5.0.2 that allows for the execution of CSV injection attacks via the Export Section. Attackers can manipulate the CSV file output, potentially leading to unauthorized command execution in the context of the user opening the file. Although the vendor asserts that the generated CSV file accurately reflects the database contents, the risk of CSV injection must be addressed to ensure user safety and data integrity.

References

https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g...

x_refsource_MISC

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99...

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 4, 2020
Vulnerability Reserved
Aug 13, 2020