CVE-2020-10802

Published: 22 March 2020

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

From the Ubuntu Security Team

It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted database or table name.

Priority

Cvss 3 Severity Score

8.0

Score breakdown

Status

Package	Release	Status
phpmyadmin Launchpad, Ubuntu, Debian	bionic	Released (4:4.6.6-5ubuntu0.5)
	eoan	Does not exist
	focal	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	groovy	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	hirsute	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	impish	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	jammy	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	kinetic	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	lunar	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	mantic	Not vulnerable (4:4.9.5+dfsg1-1ubuntu1)
	trusty	Needed
	upstream	Released (4:4.2.12-2+deb8u9, 4:4.6.6-4+deb9u1, 4:4.9.5+dfsg1-1)
	xenial	Needed

Severity score breakdown

Parameter	Value
Base score	8.0
Attack vector	Network
Attack complexity	Low
Privileges required	Low
User interaction	Required
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

References

Bugs

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=954665

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›