CVE-2020-10802
- Source
- https://cve.org/CVERecord?id=CVE-2020-10802
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10802.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2020-10802
- Aliases
- Downstream
- Related
- Published
- 2020-03-22T05:15:11.603Z
- Modified
- 2026-03-20T11:31:36.531371Z
- Severity
-
- 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AAVW3SUKWR5RF5LZ6SARCYOWBIFUIWOJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BUG3IRITW2LUBGR5LSQMP7MVRTELHZJK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UZI6EQVRRIG252DY3MBT33BJVCSYDMQO/
- https://lists.debian.org/debian-lts-announce/2020/03/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html
- http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00050.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
- https://www.phpmyadmin.net/security/PMASA-2020-3/
Affected packages
Git / github.com/phpmyadmin/phpmyadmin
Affected versions
Other
RELEASE_4_0_0
RELEASE_4_0_1RC1
RELEASE_4_0_2
RELEASE_4_0_2RC1
RELEASE_4_0_3
RELEASE_4_0_3RC1
RELEASE_4_0_4
RELEASE_4_0_4RC1
RELEASE_4_0_4_1
RELEASE_4_0_4_2
RELEASE_4_0_5RC1
RELEASE_4_0_6
RELEASE_4_0_6RC1
RELEASE_4_0_6RC2
RELEASE_4_1_0ALPHA1
RELEASE_4_1_0ALPHA2
RELEASE_4_1_0BETA1
RELEASE_4_1_0BETA2
RELEASE_4_1_0RC1
RELEASE_4_1_0RC2
RELEASE_4_1_0RC3
RELEASE_4_2_0
RELEASE_4_2_0ALPHA1
RELEASE_4_2_0ALPHA2
RELEASE_4_2_0BETA1
RELEASE_4_2_0RC1
RELEASE_4_2_10
RELEASE_4_2_10_1
RELEASE_4_2_11
RELEASE_4_2_12
RELEASE_4_2_13
RELEASE_4_2_13_1
RELEASE_4_2_7
RELEASE_4_2_7_1
RELEASE_4_2_8
RELEASE_4_2_8_1
RELEASE_4_2_9
RELEASE_4_2_9_1
RELEASE_4_3_0
RELEASE_4_3_0ALPHA1
RELEASE_4_3_0BETA1
RELEASE_4_3_0RC1
RELEASE_4_3_0RC2
RELEASE_4_3_1
RELEASE_4_3_10
RELEASE_4_3_11
RELEASE_4_3_11_1
RELEASE_4_3_12
RELEASE_4_3_13
RELEASE_4_3_2
RELEASE_4_3_3
RELEASE_4_3_4
RELEASE_4_3_5
RELEASE_4_3_6
RELEASE_4_3_7
RELEASE_4_3_8
RELEASE_4_3_9
RELEASE_4_4_0
RELEASE_4_4_0ALPHA1
RELEASE_4_4_1
RELEASE_4_4_10
RELEASE_4_4_11
RELEASE_4_4_12
RELEASE_4_4_13
RELEASE_4_4_13_1
RELEASE_4_4_14
RELEASE_4_4_14_1
RELEASE_4_4_15
RELEASE_4_4_15_1
RELEASE_4_4_15_2
RELEASE_4_4_1_1
RELEASE_4_4_2
RELEASE_4_4_3
RELEASE_4_4_4
RELEASE_4_4_5
RELEASE_4_4_6
RELEASE_4_4_6_1
RELEASE_4_4_7
RELEASE_4_4_8
RELEASE_4_4_9
RELEASE_4_5_0
RELEASE_4_5_0RC1
RELEASE_4_5_0_1
RELEASE_4_5_0_2
RELEASE_4_5_1
RELEASE_4_5_2
RELEASE_4_5_3
RELEASE_4_5_3_1
RELEASE_4_5_4
RELEASE_4_5_4_1
RELEASE_4_5_5
RELEASE_4_5_5_1
RELEASE_4_6_0
RELEASE_4_6_0ALPHA1
RELEASE_4_6_0RC1
RELEASE_4_6_0RC2
RELEASE_4_6_1
RELEASE_4_6_2
RELEASE_4_6_3
RELEASE_4_6_4
RELEASE_4_6_5
RELEASE_4_6_5_1
RELEASE_4_6_5_2
RELEASE_4_6_6
RELEASE_4_7_0
RELEASE_4_7_0BETA1
RELEASE_4_7_0RC1
RELEASE_4_7_1
RELEASE_4_7_2
RELEASE_4_7_3
RELEASE_4_7_4
RELEASE_4_7_5
RELEASE_4_7_6
RELEASE_4_7_7
RELEASE_4_7_8
RELEASE_4_7_9
RELEASE_4_8_0
RELEASE_4_8_0ALPHA1
RELEASE_4_8_0RC1
RELEASE_4_8_0_1
RELEASE_4_8_1
RELEASE_4_8_2
RELEASE_4_8_3
RELEASE_4_8_4
RELEASE_4_8_5
RELEASE_4_9_0
RELEASE_4_9_0_1
RELEASE_4_9_1
RELEASE_4_9_2
RELEASE_4_9_3
RELEASE_4_9_4
Database specific
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10802.json"
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "30"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "31"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "32"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0-NA"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.0-sp1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "15.1"
}
]
}
]