An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query. CREATE(Triage):(User=admin) [CVE-2020-26935|https://nvd.nist.gov/vuln/detail/CVE-2020-26935]
