Main Vulnerability Database SB2020040159

SB2020040159 - CRLF injection in phpMyAdmin

Published: April 1, 2020

Security Bulletin ID SB2020040159

Severity

Medium

Patch available

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) CRLF injection (CVE-ID: CVE-2020-11441)

The vulnerability allows a remote attacker to perform CRLF injection attacks.

The vulnerability exists due to insufficient filtration of user-supplied data, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields. A remote attacker can cause HTML entity injection at the very least, or reflected XSS at the very worst.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://github.com/phpmyadmin/phpmyadmin/issues/16056