Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-11441 — Injection in Phpmyadmin

CWE-74 — Injection8 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

0.7%

top 29.05%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMar 31

Latest updateMay 24

Description

phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶debiandebian/phpmyadmin

▶NVDphpmyadmin/phpmyadmin5.0.2

🔴Vulnerability Details

GHSA

GHSA-j2jx-6pcj-jfpf: phpMyAdmin 5↗2022-05-24

▶

OSV

CVE-2020-11441: ** DISPUTED ** phpMyAdmin 5↗2020-03-31

▶

OSV

CVE-2020-11441: phpMyAdmin 5↗2020-03-31

▶

CVEList

CVE-2020-11441: phpMyAdmin 5↗2020-03-31

▶

💥Exploits & PoCs

Nuclei

phpMyAdmin 5.0.2 - CRLF Injection

▶

📋Vendor Advisories

Debian

CVE-2020-11441: phpmyadmin - phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A in...↗2020

▶

💬Community

Bugzilla

CVE-2020-11441 phpMyAdmin: inputs to login form fields can cause CRLF sequences to be reflected on an error page↗2020-04-20

▶