| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.9.0, < 4.9.5 | 4.9.5 |
| phpmyadmin/phpmyadmin | composer | >= 5.0.0, < 5.0.2 | 5.0.2 |

The vulnerability occurs in `TableSearchController.php`, in the code that generates queries for search actions. The advisory states that parameters were not properly escaped when building queries, and the CWE-89 classification confirms SQL injection. Commit a8acd7a42cf, referenced in PMASA-2020-3, likely fixed parameter handling in this controller's query-construction logic. Although the exact pre-patch code is not shown, the file path and the functionality described match a SQL injection vector through unescaped database/table name parameters during search operations.