CVE-2020-22278

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 5.0.2 and earlier

Description: The issue is related to a lack of neutralization of elements in a CSV file in the "Export" function of the phpMyAdmin web application for database management. This could allow a remote attacker to execute arbitrary code when a specially crafted CSV file is opened. The vulnerability is associated with CSV injection via the Export Section. It is noted that the vendor disputes this issue, stating that the CSV file is accurately generated based on the database contents.

Recommendations: For phpMyAdmin versions 5.0.2 and earlier, consider disabling the "Export" function until a patch is available to prevent potential CSV injection attacks. Restrict access to the Export Section to minimize the risk of exploitation. Avoid using the Export function with untrusted CSV files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.