CVE-2020-22452

Опубликовано: 26 янв. 2023

Источник: debian

Описание

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
phpmyadmin	fixed	4:5.0.4+dfsg1-1		package

Примечания

https://github.com/phpmyadmin/phpmyadmin/issues/15898
https://github.com/phpmyadmin/phpmyadmin/pull/16004
https://github.com/phpmyadmin/phpmyadmin/commit/20e3d2fa9f5dc55fd25209963b5f26705d3e8020 (RELEASE_5_0_2)
https://github.com/phpmyadmin/phpmyadmin/commit/ca42395ee4b2936d3702524f8fb8bec1e9502bc7 (RELEASE_5_0_2)
https://github.com/phpmyadmin/phpmyadmin/commit/f6af795eb380aef11a2924b8be91dfbb4a7562b6 (RELEASE_5_0_2)

Связанные уязвимости

CVE-2020-22452

CVSS3: 9.8

ubuntu

больше 2 лет назад

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

CVE-2020-22452

CVSS3: 9.8

nvd

больше 2 лет назад

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

GHSA-prcg-mc23-hgjh

CVSS3: 9.8

github

больше 2 лет назад

phpmyadmin contains SQL Injection vulnerability