Lucene search

Veracode Vulnerability DatabaseVERACODE:22015

HistoryNov 25, 2019 - 9:02 a.m.

SQL Injection

2019-11-2509:02:20

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

EPSS

0.005

Percentile

77.2%

JSON

phpmyadmin/phpmyadmin is vulnerable to SQL injection. The vulnerability exists as the database and table name of designer feature is not properly sanitized to prevent arbitrary SQL query to be injected and executed.

References

lists.opensuse.org/opensuse-security-announce/2019-12/msg00002.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

github.com/phpmyadmin/phpmyadmin/commit/ff541af95d7155d8dd326f331b5e248fea8e7111

lists.fedoraproject.org/archives/list/[email protected]/message/BA4DGF7KTQS6WA2DRNJSW66L43WB7LRV/

lists.fedoraproject.org/archives/list/[email protected]/message/W5GW4KEMNCBQYZCIXEJYC42OEBBN2NSH/

www.phpmyadmin.net/security/PMASA-2019-5/

EPSS

0.005

Percentile

77.2%

JSON

Related for VERACODE:22015