High severityNVD Advisory· Published Jan 9, 2020· Updated Apr 16, 2025
CVE-2020-5504
CVE-2020-5504
Description
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | >= 4.0.0, < 4.9.4 | 4.9.4 |
phpmyadmin/phpmyadminPackagist | >= 5.0.0, < 5.0.1 | 5.0.1 |
Affected products
8- phpMyAdmin/phpMyAdmindescription
- osv-coords7 versionspkg:bitnami/phpmyadminpkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP1
>= 4.0.0, < 4.9.4+ 6 more
- (no CPE)range: >= 4.0.0, < 4.9.4
- (no CPE)range: >= 4.0.0, < 4.9.4
- (no CPE)range: < 4.9.4-bp151.3.12.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.9.4-bp151.3.12.1
- (no CPE)range: < 4.9.4-bp151.3.12.1
- (no CPE)range: < 4.9.4-bp151.3.12.1
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.htmlghsavendor-advisoryWEB
- github.com/advisories/GHSA-fgj8-93xx-f6g6ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-5504ghsaADVISORY
- cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.htmlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-5504.yamlghsaWEB
- github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.mdghsaWEB
- lists.debian.org/debian-lts-announce/2020/01/msg00011.htmlghsamailing-listWEB
- www.phpmyadmin.net/security/PMASA-2020-1ghsaWEB
- www.phpmyadmin.net/security/PMASA-2020-1/mitre
News mentions
0No linked articles in our index yet.