Description

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

Remediation

References

CVE-2020-22278

Related Vulnerabilities

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.13)

WordPress Plugin User Submitted Posts Cross-Site Scripting (20151113)

WordPress Plugin Tom M8te Directory Traversal (1.5.3)

WordPress Plugin Total Donations for Wordpress Security Bypass (2.0.5)

Liferay Portal Insufficient Session Expiration Vulnerability (CVE-2021-33322)

Severity

High

Classification

CVE-2020-22278 CWE-1236 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities