In phpMyAdmin 4 prior to 4.9.4 and 5 prior to 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin |
||
suse suse linux enterprise server 12 |
||
debian debian linux 8.0 |