CVE-2020-5504: SQL Injection

January 9, 2020 (updated November 10, 2020)

phpMyAdmin contains a SQL injection in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

References

nvd.nist.gov/vuln/detail/CVE-2020-5504
www.phpmyadmin.net/security/PMASA-2020-1/

Detect and mitigate CVE-2020-5504 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →