Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-26935

CWE-89 SQL Injection | 12 documents | 8 sources
Severity: 9.8 CRITICAL
EPSS: 91.5% (top 0.33%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Oct 10 | Latest update May 24

Description

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (5 packages)

NVD | phpmyadmin/phpmyadmin | 4.9.0 | 4.9.6 | +1
Packagist | phpmyadmin/phpmyadmin | 4.9.0 | 4.9.6 | +1
Debian | phpmyadmin | < 4:4.9.7+dfsg1-1 | +3
NVD | opensuse/leap | 15.1, 15.2 | +1

Also affects: Debian Linux 9.0, Fedora 31, 32, 33

🔴 Vulnerability Details (4)

OSV | phpMyAdmin SQL injection vulnerability | 2022-05-24
GHSA | phpMyAdmin SQL injection vulnerability | 2022-05-24
CVEList | CVE-2020-26935: An issue was discovered in SearchController in phpMyAdmin before 4 | 2020-10-10
OSV | CVE-2020-26935: An issue was discovered in SearchController in phpMyAdmin before 4 | 2020-10-10

💥 Exploits & PoCs (1)

Nuclei | phpMyAdmin < 5.0.3 - SQL Injection

📋 Vendor Advisories (3)

Ubuntu | phpMyAdmin vulnerabilities | 2021-03-16
Ubuntu | phpMyAdmin vulnerabilities | 2020-11-19
Debian | CVE-2020-26935: phpmyadmin - An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x b... | 2020

💬 Community (3)

Bugzilla | CVE-2020-26935 phpMyAdmin: SQL injection vulnerability in SearchController [epel-all] | 2020-10-12
Bugzilla | CVE-2020-26935 phpmyadmin: SQL injection vulnerability in SearchController | 2020-10-12
Bugzilla | CVE-2020-26935 phpMyAdmin: SQL injection vulnerability in SearchController [fedora-all] | 2020-10-12