CVE-2020-22278: Improper Neutralization of Escape, Meta, or Control Sequences

November 4, 2020 (updated November 13, 2020)

phpMyAdmin may allow CSV injection via Export Section. NOTE: the vendor disputes this because “the CSV file is accurately generated based on the database contents”.

References

nvd.nist.gov/vuln/detail/CVE-2020-22278

Code Behaviors & Features

Detect and mitigate CVE-2020-22278 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →