VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-hdce-qvrp-fqcg

Essentials
Severities (41)
References (11)
Severity details (17)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-hdce-qvrp-fqcg
Aliases	CVE-2020-22452 GHSA-prcg-mc23-hgjh
Summary	phpmyadmin contains SQL Injection vulnerability SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.0.2 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-89	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
cvssv3.1	9.8	http://phpmyadmin.com
ssvc	Track*	http://phpmyadmin.com
epss	0.01302	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.01302	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.01302	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.01302	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.01338	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.01338	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
epss	0.02868	https://api.first.org/data/v1/epss?cve=CVE-2020-22452
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-prcg-mc23-hgjh
cvssv3.1	9.8	https://github.com/phpmyadmin/phpmyadmin
generic_textual	CRITICAL	https://github.com/phpmyadmin/phpmyadmin
cvssv3.1	9.8	https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog
ssvc	Track*	https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog
cvssv3.1	9.8	https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
generic_textual	CRITICAL	https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
cvssv3.1	9.8	https://github.com/phpmyadmin/phpmyadmin/issues/15898
generic_textual	CRITICAL	https://github.com/phpmyadmin/phpmyadmin/issues/15898
ssvc	Track*	https://github.com/phpmyadmin/phpmyadmin/issues/15898
cvssv3.1	9.8	https://github.com/phpmyadmin/phpmyadmin/pull/16004
generic_textual	CRITICAL	https://github.com/phpmyadmin/phpmyadmin/pull/16004
ssvc	Track*	https://github.com/phpmyadmin/phpmyadmin/pull/16004
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2020-22452
generic_textual	CRITICAL	https://nvd.nist.gov/vuln/detail/CVE-2020-22452

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2020-22452
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-22452
		https://github.com/phpmyadmin/phpmyadmin
		https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb
		https://github.com/phpmyadmin/phpmyadmin/issues/15898
		https://github.com/phpmyadmin/phpmyadmin/pull/16004
		https://nvd.nist.gov/vuln/detail/CVE-2020-22452
ChangeLog		https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog
cpe:2.3:a:phpmyadmin:phpmyadmin::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin::::::::
GHSA-prcg-mc23-hgjh		https://github.com/advisories/GHSA-prcg-mc23-hgjh
phpmyadmin.com		http://phpmyadmin.com

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at http://phpmyadmin.com

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/ Found at http://phpmyadmin.com

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/ Found at https://github.com/phpmyadmin/phpmyadmin/blob/master/ChangeLog

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin/commit/bc982466f08ddccad4804ba928f84ff8e25107cb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin/issues/15898

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/ Found at https://github.com/phpmyadmin/phpmyadmin/issues/15898

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/phpmyadmin/phpmyadmin/pull/16004

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-04-01T14:07:49Z/ Found at https://github.com/phpmyadmin/phpmyadmin/pull/16004

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-22452

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.79032
EPSS Score	0.01302
Published At	Sept. 20, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-31T08:41:56.193575+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/01/GHSA-prcg-mc23-hgjh/GHSA-prcg-mc23-hgjh.json	37.0.0