CVE-2020-11441

MEDIUM NUCLEI

Phpmyadmin - Injection

Title source: rule

Description

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.

Nuclei Templates (1)

phpMyAdmin 5.0.2 - CRLF Injection

MEDIUMby ritikchaddha

Shodan: title:"phpmyadmin"

FOFA: title="phpmyadmin"

References (1)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/phpmyadmin/phpmyadmin/issues/16056

Scores

CVSS v3 6.1

EPSS 0.0065

EPSS Percentile 70.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-74

Status published

Affected Products (1)

phpmyadmin/phpmyadmin

Timeline

Published Mar 31, 2020

Tracked Since Feb 18, 2026