Vulnerability Database
296,720
Total vulnerabilities in the database
CVE-2020-26935
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
| Software | From | Fixed in |
|---|---|---|
| phpmyadmin / phpmyadmin | 5.0.0 | 5.0.3 |
| phpmyadmin / phpmyadmin | 4.9.0 | 4.9.6 |
| opensuse / leap | 15.1 | 15.1.x |
| opensuse / backports_sle | 15.0-sp1 | 15.0-sp1.x |
| opensuse / backports_sle | 15.0 | 15.0.x |
| opensuse / leap | 15.2 | 15.2.x |
| opensuse / backports_sle | 15.0-sp2 | 15.0-sp2.x |
| fedoraproject / fedora | 31 | 31.x |
| fedoraproject / fedora | 32 | 32.x |
| fedoraproject / fedora | 33 | 33.x |
| debian / debian_linux | 9.0 | 9.0.x |
- http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00005.html
- https://advisory.checkmarx.net/advisory/CX-2020-4281
- https://lists.debian.org/debian-lts-announce/2020/10/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FHST4E5IJG7IKZTTW3R6MEZPVHJZ472K/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PXK37YEHSDYCIPQSYEMN2OFTP2ZLM7DO/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNLGHVDNAEZEGRTUESSSQFM7MZTHIDQ5/
- https://security.gentoo.org/glsa/202101-35
- https://www.phpmyadmin.net/security/PMASA-2020-6/
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime