Sql injection

2020-03-2205:15:00

PRIOn knowledge base

www.prio-n.com

8 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

61.2%

JSON

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

CPENameOperatorVersion
debian_linuxeq8.0
fedoraeq30
fedoraeq31
fedoraeq32
backports_sleeq15.0 sp1
backports_sleeq15.0
leapeq15.1
phpmyadminge5.0.0
phpmyadminlt5.0.2
phpmyadminge4.0.0

Name	Operator	Version
debian_linux	eq	8.0
fedora	eq	30
fedora	eq	31
fedora	eq	32
backports_sle	eq	15.0 sp1
backports_sle	eq	15.0
leap	eq	15.1
phpmyadmin	ge	5.0.0
phpmyadmin	lt	5.0.2
phpmyadmin	ge	4.0.0