Phpmyadmin: >> Phpmyadmin >> 5.0.3 Security Vulnerabilities
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
CVSS Score
5.4
EPSS Score
0.072
Published
2023-02-13
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via the tbl_storage_engine or tbl_collation parameters to tbl_create.php.
CVSS Score
9.8
EPSS Score
0.029
Published
2023-01-26
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-03-10