6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.2%
Announcement-ID: PMASA-2020-3
Date: 2020-03-20
Updated: 2020-03-22
SQL injection relating to searching
An SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions within phpMyAdmin.
An attacker can generate specially-crafted database or table names. The attack can be performed if a user attempts certain search operations on the malicious database or table.
Because of the specific steps required to exploit this, we consider this vulnerability to be of moderate severity.
phpMyAdmin 4.9.x releases prior to 4.9.5 and the 5.0.x releases prior to 5.0.2 are affected.
Upgrade to phpMyAdmin 4.9.5 or 5.0.2 or newer or apply patch listed below.
Thanks to hoangn144_VCS and Yutaka WATANABE for reporting these vulnerabilities.
Assigned CVE ids: CVE-2020-10802
CWE ids: CWE-661
The following commits have been made to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
CPE | Name | Operator | Version |
---|---|---|---|
phpmyadmin | le | 5.0.2 | |
phpmyadmin | le | 4.9.5 |
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
61.2%