CVE-2020-10804
Published: 22 March 2020
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
From the Ubuntu Security Team
It was discovered that phpMyAdmin failed to sanitize certain input. An attacker could use this vulnerability to execute an SQL injection attack via a specially crafted username.
Priority
Status
Package | Release | Status |
---|---|---|
phpmyadmin Launchpad, Ubuntu, Debian |
bionic |
Released
(4:4.6.6-5ubuntu0.5)
|
eoan |
Does not exist
|
|
focal |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
groovy |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
hirsute |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
impish |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
jammy |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
kinetic |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
lunar |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
mantic |
Not vulnerable
(4:4.9.5+dfsg1-1ubuntu1)
|
|
trusty |
Needed
|
|
upstream |
Released
(4:4.9.5+dfsg1-1)
|
|
xenial |
Needed
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.0 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | Low |
User interaction | Required |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
References
- https://www.phpmyadmin.net/security/PMASA-2020-2/
- https://github.com/phpmyadmin/phpmyadmin/commit/89fbcd7c39e6b3979cdb2f64aa4cd5f4db27eaad
- https://github.com/phpmyadmin/phpmyadmin/commit/3258978c38bee8cb4b99f249dffac9c8aaea2d80
- https://ubuntu.com/security/notices/USN-4639-1
- https://www.cve.org/CVERecord?id=CVE-2020-10804
- NVD
- Launchpad
- Debian