CVE-2020-10802: SQL Injection

March 22, 2020 (updated November 2, 2020)

In phpMyAdmin, an SQL injection vulnerability has been discovered where certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can generate a crafted database or table name. The attack can be performed if a user attempts certain search operations on the malicious database or table.

References

nvd.nist.gov/vuln/detail/CVE-2020-10802
www.phpmyadmin.net/security/PMASA-2020-3/

Detect and mitigate CVE-2020-10802 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →