QwikSec

Security Database

CVE

CWE

Training

CVE-2020-5504

Published: Jan 9, 2020

Modified: Apr 16, 2025

PUBLISHED

Description

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.phpmyadmin.net/security/PMASA-2020-1/

openSUSE-SU-2020:0056

vendor-advisory

[debian-lts-announce] 20200115 [SECURITY] [DLA 2060-1] phpmyadmin security update

mailing-list

https://cybersecurityworks.com/zerodays/cve-2020-5504-phpmyadmin.html

https://github.com/MarkLee131/awesome-web-pocs/blob/main/CVE-2020-5504.md

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.