First published: Thu Mar 05 2020(Updated: )
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
composer/phpmyadmin/phpmyadmin | >=3.4<4.9.5>=5.0.0<5.0.2 | |
composer/phpmyadmin/phpmyadmin | >=5.0.0<5.0.2 | 5.0.2 |
composer/phpmyadmin/phpmyadmin | >=3.4<4.9.5 | 4.9.5 |
phpMyAdmin | >=4.0.0<4.9.5 | |
phpMyAdmin | >=5.0.0<5.0.2 | |
Debian Linux | =8.0 | |
Red Hat Fedora | =30 | |
Red Hat Fedora | =31 | |
Red Hat Fedora | =32 | |
openSUSE Backports | =15.0 | |
openSUSE Backports | =15.0-sp1 | |
SUSE Linux | =15.1 | |
All of | ||
SUSE Package Hub for SUSE Linux Enterprise | ||
SUSE Linux Enterprise Server | =12.0 | |
SUSE Package Hub for SUSE Linux Enterprise | ||
SUSE Linux Enterprise Server | =12.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-10803.
The severity level of CVE-2020-10803 is medium with a CVSS score of 5.4.
The affected software versions include phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2.
An attacker can exploit this vulnerability by using malicious code to trigger an XSS attack through retrieving and displaying results in tbl_get_field.php and libraries/classes/Display/Results.php.
Yes, you can find official references for CVE-2020-10803 at the following links: [1] [2] [3].