CVE-2020-22278

CVE Database · CVE-2020-22278

CVE-2020-22278

· HIGHModified

CVSS v3.1

8.8

EPSS

1.51%

Published

Nov 4, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-1236

Affected Products (1)

phpmyadmin · phpmyadminvulnerable

References (4)

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf

Broken LinkThird Party Advisory

https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g37--rtaL8pqdHcQs

ExploitThird Party Advisory

https://cert.ikiu.ac.ir/public-files/news/document/CVE-99/CVE-2020-22278.pdf

Broken LinkThird Party Advisory

https://mega.nz/file/ySQnlQSR#vXzY46mgf0CE2ysYpWpbE4O6T_g37--rtaL8pqdHcQs

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs