CVE-2020-10802
HIGHphpMyAdmin <4.9.5, 5.x <5.0.2 - SQL Injection
Title source: llmDescription
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
References (8)
Scores
CVSS v3
8.0
EPSS
0.0162
EPSS Percentile
81.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-89
Status
published
Affected Products (10)
phpmyadmin/phpmyadmin
< 4.9.5
debian/debian_linux
fedoraproject/fedora
fedoraproject/fedora
fedoraproject/fedora
opensuse/backports_sle
opensuse/backports_sle
opensuse/leap
suse/package_hub
phpmyadmin/phpmyadmin
< 4.9.5Packagist
Timeline
Published
Mar 22, 2020
Tracked Since
Feb 18, 2026