CVE-2020-26935
published 2020-10-10
critical 9.8 CVSS 3.1
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | phpmyadmin | < phpmyadmin 4:4.9.7+dfsg1-1 (bookworm) | phpmyadmin 4:4.9.7+dfsg1-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | backports_sle | — | — |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.7+dfsg1-1 | 4:4.9.7+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5 | 4:4.6.6-5ubuntu0.5 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.0.10-1ubuntu0.1+esm4 | 4:4.0.10-1ubuntu0.1+esm4 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.5.4.1-2ubuntu2.1+esm6 | 4:4.5.4.1-2ubuntu2.1+esm6 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.6.6-5ubuntu0.5+esm1 | 4:4.6.6-5ubuntu0.5+esm1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:4.9.5+dfsg1-2ubuntu0.1~esm1 | 4:4.9.5+dfsg1-2ubuntu0.1~esm1 |
| phpmyadmin | phpmyadmin | >= 4.9.0 < 4.9.6 | 4.9.6 |
| phpmyadmin | phpmyadmin | >= 4.9.0 < 4.9.6 | 4.9.6 |
| phpmyadmin | phpmyadmin | >= 5.0.0 < 5.0.3 | 5.0.3 |
| phpmyadmin | phpmyadmin | >= 5.0.0 < 5.0.3 | 5.0.3 |
CVSS provenance
nvd v3.1 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv 9.8 CRITICAL