In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
                
            Metrics
Affected Vendors & Products
Advisories
    | Source | ID | Title | 
|---|---|---|
|  EUVD | EUVD-2022-4079 | In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges). | 
|  Github GHSA | GHSA-h65r-8fp8-w7cx | phpMyAdmin SQL Injection | 
|  Ubuntu USN | USN-4639-1 | phpMyAdmin vulnerabilities | 
Fixes
    Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
        History
                    No history.
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T11:14:15.581Z
Reserved: 2020-03-22T00:00:00
Link: CVE-2020-10804
 Vulnrichment
                        Vulnrichment
                    No data.
 NVD
                        NVD
                    Status : Modified
Published: 2020-03-22T04:15:11.297
Modified: 2024-11-21T04:56:06.423
Link: CVE-2020-10804
 Redhat
                        Redhat
                    No data.
 OpenCVE Enrichment
                        OpenCVE Enrichment
                    No data.