CVE-2020-10803: 
PHP vulnerability analysis and mitigation

CVE-2020-10803 affects phpMyAdmin versions 4.x before 4.9.5 and 5.x before 5.0.2. The vulnerability was discovered and disclosed on March 22, 2020, where malicious code could be used to trigger an XSS attack through retrieving and displaying results in tbl_get_field.php and libraries/classes/Display/Results.php (NVD, PHPMYADMIN).

The vulnerability is a combination of SQL injection and Cross-Site Scripting (XSS) with a CVSS v3.1 base score of 5.4 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N. The attack requires the attacker to have the ability to insert specially-crafted data into certain database tables, which when retrieved through features like the Browse tab can trigger the XSS attack (NVD, PHPMYADMIN).

The vulnerability allows attackers to execute cross-site scripting (XSS) attacks through SQL injection techniques. When successfully exploited, it can lead to the exposure of sensitive information and potential manipulation of web content displayed to users. The severity is considered moderate by the phpMyAdmin team (PHPMYADMIN).

Users are advised to upgrade to phpMyAdmin version 4.9.5 or 5.0.2 or newer to address this vulnerability. Several patches have been released through commits 2489837213b90664aceebe4c9ac641bf167b8a97, 46a7aa7cd4ff2be0eeb23721fbf71567bebe69a5, and 6b9b2601d8af916659cde8aefd3a6eaadd10284a (PHPMYADMIN).

Multiple Linux distributions responded promptly to the vulnerability by releasing security updates, including Fedora, openSUSE, and Debian. The updates were distributed through their respective package management systems to address the security concerns (DEBIAN, FEDORA).