logo

Database

SQL injection - Code In phpmyadmin

Description

phpmyadmin contains SQL Injection vulnerability SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.0.2 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2020-224522. NVD-2020-224523. OSV-DEBIAN-2020-224524. OSV-2020-224525. GCVE-2020-224526. SECURITY-TRACKER-CVE-2020-22452

References

1. https://github.com/phpmyadmin/phpmyadmin/issues/158982. https://github.com/phpmyadmin/phpmyadmin/pull/160043. https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.