CVE-2020-5504

Published: 09/01/2020 | Updated: 10/11/2020
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Summary

In phpMyAdmin 4 prior to 4.9.4 and 5 prior to 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

Vulnerable Product

phpmyadmin phpmyadmin

suse suse linux enterprise server 12

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #948718
phpmyadmin: CVE-2020-5504
Package: src:phpmyadmin
Maintainer for src:phpmyadmin is phpMyAdmin Packaging Team <team+phpmyadmin@tracker.debian.org>
Reported by: Salvatore Bonaccorso <carnil@debian.org>
Date: Sun, 12 Jan 2020 15:21:01 UTC
Severity: important
Tags: security, upstream F ...

Github Repositories

exploitation

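exploitation-of-vulnerability
Weaver OA Cloud Bridge unauthorized arbitrary file read EXP
phpmyadmin SQL injection vulnerability (CVE-2020-5504)
Struts2 S2-061 remote command execution vulnerability (CVE-2020-17530)
2019 Seeyon OA A8 remote Getshell
Seeyon OA ajaxdo login bypass arbitrary file upload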