CVE-2020-22452: 
PHP vulnerability analysis and mitigation

CVE-2020-22452 is a SQL Injection vulnerability discovered in phpMyAdmin versions 5.x before 5.2.0. The vulnerability exists in the function getTableCreationQuery within CreateAddField.php, which can be exploited via the tblstorageengine or tblcollation parameters to tblcreate.php (NVD, CVE).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The issue specifically occurs in the getTableCreationQuery function located in CreateAddField.php, where insufficient input validation allows for SQL injection through the tblstorageengine or tblcollation parameters when making requests to tblcreate.php (NVD).

Due to the critical CVSS score of 9.8, this vulnerability poses a severe risk as it allows attackers to potentially execute arbitrary SQL commands on the underlying database. The vulnerability could lead to unauthorized access, data manipulation, or complete compromise of the database system (NVD).

The vulnerability was fixed in phpMyAdmin version 5.2.0. The fix involved implementing proper escaping of the tblstorageengine argument. Users are advised to upgrade to phpMyAdmin version 5.2.0 or later to mitigate this vulnerability (GitHub PR).