GHSA-prcg-mc23-hgjh

Suggest an improvement
Source
https://github.com/advisories/GHSA-prcg-mc23-hgjh
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-prcg-mc23-hgjh/GHSA-prcg-mc23-hgjh.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-prcg-mc23-hgjh
Aliases
Published
2023-01-26T21:30:29Z
Modified
2023-12-06T01:00:22.251079Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
phpmyadmin contains SQL Injection vulnerability
Details

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.0.2 via the tblstorageengine or tblcollation parameters to tblcreate.php.

Database specific 
{
    "nvd_published_at": "2023-01-26T21:15:00Z",
    "github_reviewed_at": "2023-02-02T22:19:25Z",
    "severity": "CRITICAL",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-89"
    ]
}
References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.0.0
Fixed
5.0.2

Affected versions

5.*

5.0.0
5.0.0.1
5.0.1