phpMyAdmin: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CVE-2020-26935)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | 2020-10-10 | 2020-10-28 | 2023-11-08 |
Description
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
Solution(s)
- phpmyadmin-upgrade-4_9_6
- phpmyadmin-upgrade-5_0_3
References
- CVE-2020-26935
- https://attackerkb.com/topics/CVE-2020-26935
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
- https://advisory.checkmarx.net/advisory/CX-2020-4281
- https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- https://security.gentoo.org/glsa/202101-35
- https://www.phpmyadmin.net/security/PMASA-2020-6/
