In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-01-09T21:56:22
Updated: 2024-08-04T08:30:24.209Z
Reserved: 2020-01-05T00:00:00
Link: CVE-2020-5504
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2020-01-09T22:15:13.863
Modified: 2020-11-10T19:40:11.603
Link: CVE-2020-5504
Redhat
No data.