CVE-2020-22452

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in packagist/phpmyadmin/phpmyadmin

Identifiers

GHSA-prcg-mc23-hgjh, CVE-2020-22452

Package Slug

packagist/phpmyadmin/phpmyadmin

Vulnerability

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Description

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tblstorageengine or tblcollation parameters to tblcreate.php.

Affected Versions

All versions starting from 5.0.0 before 5.0.2

Solution

Upgrade to version 5.0.2 or above.

Last Modified

2023-02-03

source