CVE-2020-22452

CRITICAL

phpMyAdmin <5.2.0 - SQL Injection

Title source: llm

Description

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

References (4)

[Vendor Advisory] http://phpmyadmin.com

[Third Party Advisory] https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog

[Exploit, Patch, Third Party Advisory] https://github.com/phpmyadmin/phpmyadmin/issues/15898

[Patch, Third Party Advisory] https://github.com/phpmyadmin/phpmyadmin/pull/16004

Scores

CVSS v3 9.8

EPSS 0.0324

EPSS Percentile 86.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-89

Status published

Affected Products (2)

phpmyadmin/phpmyadmin < 5.2.0

phpmyadmin/phpmyadmin < 5.0.2Packagist

Timeline

Published Jan 26, 2023

Tracked Since Feb 18, 2026