Lucene search
Ubuntu.comUB:CVE-2020-5504HistoryJan 09, 2020 - 12:00 a.m.
CVE-2020-5504
2020-01-0900:00:00
ubuntu.com
ubuntu.com
25
0.003 Low
EPSS
Percentile
70.7%
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in
the user accounts page. A malicious user could inject custom SQL in place
of their own username when creating queries to this page. An attacker must
have a valid MySQL account to access the server.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 18.04 | noarch | phpmyadmin | <Â 4:4.6.6-5ubuntu0.5 | UNKNOWN |
| ubuntu | 22.04 | noarch | phpmyadmin | <Â any | UNKNOWN |
| ubuntu | 23.10 | noarch | phpmyadmin | <Â any | UNKNOWN |
| ubuntu | 24.04 | noarch | phpmyadmin | <Â any | UNKNOWN |
| ubuntu | 16.04 | noarch | phpmyadmin | <Â 4:4.5.4.1-2ubuntu2.1+esm6 | UNKNOWN |
References
gist.github.com/ibennetch/4c1b701f4b766e4dd5556e8e26200b6b
github.com/phpmyadmin/phpmyadmin/commit/c86acbf3ed49f69cf38b31879886dd5eb86b6983
launchpad.net/bugs/cve/CVE-2020-5504
nvd.nist.gov/vuln/detail/CVE-2020-5504
security-tracker.debian.org/tracker/CVE-2020-5504
ubuntu.com/security/notices/USN-4639-1
ubuntu.com/security/notices/USN-4843-1
www.cve.org/CVERecord?id=CVE-2020-5504
www.phpmyadmin.net/security/PMASA-2020-1/
Related
phpmyadmin
phpmyadmin
SQL injection in user accounts page
2020-01-05 00:00:00
alpinelinux
alpinelinux
CVE-2020-5504
2020-01-09 22:15:00
cvelist
cvelist
CVE-2020-5504
2020-01-09 21:56:22
openvas
openvas
Debian: Security Advisory (DLA-2060-1)
2020-01-16 00:00:00
debian
debian
[SECURITY] [DLA 2060-1] phpmyadmin security update
2020-01-15 20:39:50
github
github
phpMyAdmin SQL injection in user accounts page
2022-05-24 17:05:59
osv
osv
phpmyadmin - security update
2020-01-08 00:00:00
CVE-2020-5504
2020-01-09 22:15:13
phpMyAdmin SQL injection in user accounts page
2022-05-24 17:05:59
debiancve
debiancve
CVE-2020-5504
2020-01-09 22:15:00
mageia
mageia
Updated phpmyadmin packages fix security vulnerability
2020-01-12 02:52:04
friendsofphp
friendsofphp
SQL injection in user accounts page
2020-01-01 13:54:59
freebsd
freebsd
phpMyAdmin -- SQL injection
2020-01-05 00:00:00
cve
cve
CVE-2020-5504
2020-01-09 22:15:00
nessus
nessus
FreeBSD : phpMyAdmin -- SQL injection (16aed7b7-344a-11ea-9cdb-001b217b3468)
2020-01-13 00:00:00
phpMyAdmin 4.x < 4.9.4 / 5.x < 5.0.1 SQLi (PMASA-2020-1)
2020-07-17 00:00:00
Debian DLA-2060-1 : phpmyadmin security update
2020-01-16 00:00:00
veracode
veracode
SQL Injection
2020-01-09 05:35:04
prion
prion
Sql injection
2020-01-09 22:15:00
symantec
symantec
phpMyAdmin CVE-2020-5504 SQL Injection Vulnerability
2020-01-05 00:00:00
typo3
typo3
SQL Injection in extension "phpmyadmin" (phpmyadmin)
2020-03-10 00:00:00
suse
suse
Security update for phpMyAdmin (important)
2020-01-14 00:00:00
ubuntu
ubuntu
phpMyAdmin vulnerabilities
2020-11-19 00:00:00
phpMyAdmin vulnerabilities
2021-03-16 00:00:00