An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an SQL injection attack through the designer feature.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HPhpmyadmin
APPPhpmyadmin< 4.9.0.1
Related vulnerabilities
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 a...
SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5...
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection v...
phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevis...
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL...