CVE-2020-10803

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2020-10803
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10803.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-10803
Aliases
Downstream
Related
Published
2020-03-22T05:15:11.667Z
Modified
2026-04-16T04:33:34.581407513Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tblgetfield.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type
GIT
Repo
https://github.com/phpmyadmin/phpmyadmin
Events
Introduced
6da64cc3b2ba4439574f914f51e161645375be96
Fixed
1651d674d65bdd032071733f57cfff9b496e7d85
Introduced
c124aacc32329f69f3e8189c61c5d82f6d9fcd47
Fixed
4520c9d17291007bc2da9f71836ac8c72fc9a7e5
Database specific 
{
    "versions": [
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.9.5"
        },
        {
            "introduced": "5.0.0"
        },
        {
            "fixed": "5.0.2"
        }
    ]
}

Affected versions

Other
RELEASE_5_0_0
RELEASE_5_0_1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10803.json"
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "8.0"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "30"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "31"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0-NA"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.0-sp1"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "15.1"
            }
        ]
    }
]