CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-11441
https://notcve.org/view.php?id=CVE-2020-11441
31 Mar 2020 — phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page. NOTE: the vendor states "I don't see anything specifically exploitable. ** EN DISPUTA ** phpMyAdmin versión 5.0.2, permite una inyección CRLF, como es demostrado por las entradas %0D%0Astring%0D%0A en los campos del formulario de inicio de sesión, causando que las secuencias de tipo CRLF sean reflejadas sobre una página de error. NOTA: el proveedo... • https://github.com/phpmyadmin/phpmyadmin/issues/16056 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 8.0EPSS: 0%CPEs: 11EXPL: 0CVE-2020-10802 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2020-10802
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores ... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 11EXPL: 0CVE-2020-10803 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2020-10803
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack. En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.0EPSS: 0%CPEs: 10EXPL: 0CVE-2020-10804
https://notcve.org/view.php?id=CVE-2020-10804
22 Mar 2020 — In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). En phpMyAdmin versiones 4.x anteriores a 4.9.5 y versiones 5.x anteriores a 5.0.2, se encontró una vulner... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00046.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 2CVE-2020-5504 – Ubuntu Security Notice USN-4639-1
https://notcve.org/view.php?id=CVE-2020-5504
09 Jan 2020 — In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. En phpMyAdmin versiones 4 anteriores a 4.9.4 y versiones 5 anteriores a 5.0.1, una inyección SQL se presenta en la página de cuentas de usuario. Un usuario malicioso podría inyectar SQL personalizado en lugar de su propio nombre de usuario c... • https://github.com/xMohamed0/CVE-2020-5504-phpMyAdmin • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •