In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
AND |
|
History
No history.
Information
Published : 2020-03-22 05:15
Updated : 2024-02-04 21:00
NVD link : CVE-2020-10802
Mitre link : CVE-2020-10802
CVE.ORG link : CVE-2020-10802
JSON object : View
Products Affected
debian
- debian_linux
opensuse
- leap
- backports_sle
fedoraproject
- fedora
phpmyadmin
- phpmyadmin
suse
- linux_enterprise
- package_hub
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')