Lucene search

K

Veracode Vulnerability DatabaseVERACODE:27565

HistoryOct 13, 2020 - 4:24 a.m.

SQL Injection

2020-10-1304:24:17

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

27

phpmyadmin

sql injection

search feature

inadequate validation

database

software

EPSS

0.008

Percentile

82.2%

phpmyadmin/phpmyadmin is vulnerable to SQL injection. An attacker is able to inject and execute arbitrary SQL statements on the database via the search feature, due to inadequate validation.

References

lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html

lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html

advisory.checkmarx.net/advisory/CX-2020-4281

bugzilla.redhat.com/show_bug.cgi?id=1887254

lists.debian.org/debian-lts-announce/2020/10/msg00024.html

lists.fedoraproject.org/archives/list/[email protected]/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/

lists.fedoraproject.org/archives/list/[email protected]/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/

lists.fedoraproject.org/archives/list/[email protected]/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/

security.gentoo.org/glsa/202101-35

www.phpmyadmin.net/security/PMASA-2020-6/

EPSS

0.008

Percentile

82.2%

Related for VERACODE:27565

prion1 osv7 friendsofphp1 debiancve1 cvelist1 ubuntucve1 github1 cve1 nvd1 phpmyadmin1 fedora3 openvas11 nessus10 gentoo1 typo31 suse2 mageia1 debian1 ubuntu2