All errata/sisyphus/ALT-PU-2020-2100-2
ALT-PU-2020-2100-2

Package update phpMyAdmin in branch sisyphus

Version5.0.2-alt1
Task#252799
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (6)

CVE-2020-10802
HIGH8.0

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

Published: 2020-03-22Modified: 2024-11-21
CVSS 2.0MEDIUM 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References
CVE-2020-10803
MEDIUM5.4

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

Published: 2020-03-22Modified: 2024-11-21
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
CVE-2020-10804
HIGH8.0

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

Published: 2020-03-22Modified: 2024-11-21
CVSS 2.0MEDIUM 6.0
CVSS:2.0/AV:N/AC:M/Au:S/C:P/I:P/A:P
CVSS 3.xHIGH 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References
GHSA-f4cr-3xmc-2wpm
HIGH8.0

phpMyAdmin SQL injection vulnerability

Published: 2022-05-24Modified: 2024-04-24
CVSS 3.xHIGH 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References
GHSA-fcww-8wvc-38q9
MEDIUM5.4

phpMyAdmin SQL injection vulnerability

Published: 2022-05-24Modified: 2024-04-24
CVSS 3.xMEDIUM 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
References
GHSA-h65r-8fp8-w7cx
HIGH8.0

phpMyAdmin SQL Injection

Published: 2022-05-24Modified: 2024-04-24
CVSS 3.xHIGH 8.0
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References