Vulnerabilities > CVE-2020-22278 - Improper Neutralization of Formula Elements in a CSV File vulnerability in PHPmyadmin

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
phpmyadmin
CWE-1236
NVD
Published: 2020-11-04
Updated: 2024-04-11

Summary

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. NOTE: the vendor disputes this because "the CSV file is accurately generated based on the database contents.

Vulnerable Configurations

Part Description Count
Application
Phpmyadmin
379

Common Weakness Enumeration (CWE)

References