CVE-2020-22452: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

January 26, 2023 (updated February 2, 2023)

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.

References

github.com/advisories/GHSA-prcg-mc23-hgjh
github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
github.com/phpmyadmin/phpmyadmin/issues/15898
github.com/phpmyadmin/phpmyadmin/pull/16004
nvd.nist.gov/vuln/detail/CVE-2020-22452

Code Behaviors & Features

Detect and mitigate CVE-2020-22452 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →