High severityNVD Advisory· Published Mar 22, 2020· Updated Aug 4, 2024
CVE-2020-10802
CVE-2020-10802
Description
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.9.0, < 4.9.5 | 4.9.5 |
phpmyadmin/phpmyadminPackagist | >= 5.0.0, < 5.0.2 | 5.0.2 |
Affected products
8- phpMyAdmin/phpMyAdmindescription
- osv-coords7 versionspkg:bitnami/phpmyadminpkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP1
>= 4.0.0, < 4.9.5+ 6 more
- (no CPE)range: >= 4.0.0, < 4.9.5
- (no CPE)range: >= 4.9.0, < 4.9.5
- (no CPE)range: < 4.9.5-43.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.9.5-43.1
- (no CPE)range: < 4.9.7-bp151.3.24.1
- (no CPE)range: < 4.9.7-bp151.3.24.1
Patches
Vulnerability mechanics
References
15- lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-f4cr-3xmc-2wpmghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2020-10802ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-10802.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2020/03/msg00028.htmlghsamailing-listx_refsource_MLISTWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJKghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQOghsaWEB
- www.phpmyadmin.net/security/PMASA-2020-3ghsaWEB
- www.phpmyadmin.net/security/PMASA-2020-3/mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.