PT-2020-18484 · Phpmyadmin+3

Published: 2020-01-08 · Updated: 2024-06-15 · CVE-2020-5504

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

phpMyAdmin versions 4.0.0 through 4.9.3
phpMyAdmin versions 5.0.0 through 5.0.0

Description

SQL injection exists in the user accounts page of phpMyAdmin. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

Recommendations

For phpMyAdmin versions 4.0.0 through 4.9.3, update to version 4.9.4 or later.
For phpMyAdmin versions 5.0.0 through 5.0.0, update to version 5.0.1 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1061
ALT-PU-2020-3212
ALT-PU-2021-3657
BIT-PHPMYADMIN-2020-5504
CVE-2020-5504
DLA-2060-1
GHSA-FGJ8-93XX-F6G6
MGASA-2020-0033
OPENSUSE-SU-2020:0056-1
OPENSUSE-SU-2024:11171-1
USN-4639-1
USN-4843-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Phpmyadmin