CERT-In Vulnerability Note
Multiple Vulnerabilities in phpMyAdmin
Original Issue Date: October 16, 2020
Severity Rating: MEDIUM
- phpMyAdmin versions prior to 4.9.6
- phpMyAdmin versions prior to 5.0.3
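To triage an inventory against the two affected ranges listed above, a version check along these lines can be used. This is an added example, not part of the CERT-In note or of phpMyAdmin; the hostnames and sample versions are constructed, and the reading of the ranges (anything below 4.9.6, plus 5.0.0 through 5.0.2) is an assumption.

```python
import re

# Fixed releases named in the advisory. Assumed reading of the ranges:
# everything below 4.9.6 is affected, and 5.0.0 through 5.0.2 is affected.
FIXED_4X = (4, 9, 6)
FIXED_5X = (5, 0, 3)

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text):
    """Return (major, minor, patch) from strings like '4.9.5deb2' or 'v5.0.2'.

    Trailing packaging suffixes are ignored; a missing patch level counts as 0.
    Returns None when the string has no leading numeric version.
    """
    m = _VERSION_RE.match(text)
    if not m:
        return None
    return tuple(int(part) if part else 0 for part in m.groups())


def is_affected(version_text):
    """True or False per the advisory's ranges, None if unparseable."""
    v = parse_version(version_text)
    if v is None:
        return None
    if v < FIXED_4X:
        return True
    return (5, 0, 0) <= v < FIXED_5X


def triage(inventory):
    """Map each (host, version) pair to 'AFFECTED', 'ok' or 'UNKNOWN'."""
    labels = {True: "AFFECTED", False: "ok", None: "UNKNOWN"}
    return {host: labels[is_affected(ver)] for host, ver in inventory}


# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE_INVENTORY = [
    ("db-admin-01", "4.9.5deb2"),
    ("db-admin-02", "4.9.6"),
    ("db-admin-03", "5.0.2"),
    ("db-admin-04", "5.0.3"),
    ("db-admin-05", "not installed"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:12} {status}")
```

Distribution packages sometimes backport fixes without changing the upstream version number, so an AFFECTED result on a packaged install should be confirmed against the package changelog.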
Multiple vulnerabilities have been reported in phpMyAdmin which could allow a remote attacker to conduct cross-site scripting and SQL injection attacks on the target system.
1. Cross-Site Scripting Vulnerability
This vulnerability exists in phpMyAdmin due to insufficient checks on user-supplied input by the transformation feature. An attacker could exploit this vulnerability by sending a specially crafted link containing malicious JavaScript to the target.
Successful exploitation of this vulnerability could lead to a cross-site scripting attack on the target system.
2. SQL Injection Vulnerability
This vulnerability exists in phpMyAdmin due to improper processing of SQL statements in the search feature. An attacker could exploit this vulnerability by injecting a malicious SQL statement into an SQL query.
Successful exploitation of this vulnerability could allow an attacker to conduct an SQL injection attack on the targeted system.
Apply appropriate fixes as issued by the vendor in the following link
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003