CVE-2020-22278

Name: CVE-2020-22278
Description: ** DISPUTED ** phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
| --- | --- | --- | --- |
| phpmyadmin (PTS) | stretch | 4:4.6.6-4+deb9u1 | undetermined |
| | stretch (security) | 4:4.6.6-4+deb9u2 | undetermined |
| | bullseye, sid | 4:4.9.7+dfsg1-1 | undetermined |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
| --- | --- | --- | --- | --- | --- | --- |
| phpmyadmin | source | (unstable) | undetermined | | | |

Notes

upstream considers this invalid until now, to be debated
https://github.com/phpmyadmin/phpmyadmin/issues/16101
check, wait for validation of vulnerability status
