Fluid Attacks Database

Description

phpMyAdmin SQL injection vulnerability An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1
packagist	phpmyadmin/phpmyadmin	>=4.9.0 <4.9.6 \|\| >=5.0.0 <5.0.3	4.9.6, 5.0.3
debian 12	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1
debian 13	phpmyadmin	>=0 <4:4.9.7+dfsg1-1	4:4.9.7+dfsg1-1

Aliases

1. CVE-2020-269352. NVD-2020-269353. OSV-DEBIAN-2020-269354. OSV-2020-269355. GCVE-2020-269356. SECURITY-TRACKER-CVE-2020-269357. lists.debian.org8. security.gentoo.org

References

1. https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-26935.yaml2. https://github.com/FriendsOfPHP/security-advisories/blob/master/phpmyadmin/phpmyadmin/CVE-2020-26935.yaml3. https://lists.fedoraproject.org/archives/list/[email protected]/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K4. https://lists.fedoraproject.org/archives/list/[email protected]/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO5. https://lists.fedoraproject.org/archives/list/[email protected]/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ56. https://www.phpmyadmin.net/security/PMASA-2020-67. http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html8. http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html