CVE-2020-10802

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Information

Published : 2020-03-21 22:15

Updated : 2020-11-02 13:15


NVD link : CVE-2020-10802

Mitre link : CVE-2020-10802


JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa

Products Affected

debian

  • debian_linux

phpmyadmin

  • phpmyadmin