CVE-2020-10804

Published: 22/03/2020 Updated: 30/03/2020
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

In phpMyAdmin 4.x prior to 4.9.5 and 5.x prior to 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).

Affected Products

Vendor | Product | Versions
Phpmyadmin | Phpmyadmin | 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.4.1, 4.0.4.2, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.10.1, 4.0.10.2, 4.0.10.3, 4.0.10.4, 4.0.10.5, 4.0.10.6, 4.0.10.7, 4.0.10.8, 4.0.10.9, 4.0.10.10, 4.0.10.11, 4.0.10.12, 4.0.10.13, 4.0.10.14, 4.0.10.15, 4.0.10.16, 4.0.10.17, 4.0.10.18, 4.0.10.19, 4.0.10.20, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.1.11, 4.1.12, 4.1.13, 4.1.14, 4.1.14.1, 4.1.14.2, 4.1.14.3, 4.1.14.4, 4.1.14.5, 4.1.14.6, 4.1.14.7, 4.1.14.8, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.2.7.1, 4.2.8, 4.2.8.1, 4.2.9, 4.2.9.1, 4.2.10, 4.2.10.1, 4.2.11, 4.2.12, 4.2.13, 4.2.13.1, 4.2.13.2, 4.2.13.3, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.3.11.1, 4.3.12, 4.3.13, 4.3.13.1, 4.3.13.2, 4.3.13.3, 4.4.0, 4.4.1, 4.4.1.1, 4.4.2, 4.4.3, 4.4.4, 4.4.5, 4.4.6, 4.4.6.1, 4.4.7, 4.4.8, 4.4.9, 4.4.10, 4.4.11, 4.4.12, 4.4.13, 4.4.13.1, 4.4.14, 4.4.14.1, 4.4.15, 4.4.15.1, 4.4.15.2, 4.4.15.3, 4.4.15.4, 4.4.15.5, 4.4.15.6, 4.4.15.7, 4.4.15.8, 4.4.15.9, 4.4.15.10, 4.5.0, 4.5.0.1, 4.5.0.2, 4.5.1, 4.5.2, 4.5.3, 4.5.3.1, 4.5.4, 4.5.4.1, 4.5.5, 4.5.5.1, 4.6.0, 4.6.1, 4.6.2, 4.6.3, 4.6.4, 4.6.5, 4.6.5.1, 4.6.5.2, 4.6.6, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.0.1, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.0.1, 4.9.2, 4.9.4, 5.0.0, 5.0.1

Vendor Advisories

Debian Bug report logs - #954667
phpmyadmin: CVE-2020-10804
Package: src:phpmyadmin; Maintainer for src:phpmyadmin is phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 22 Mar 2020 13:18:06 UTC
Severity: important
Tags: security, upstream ...