PMASA-2025-1

Announcement-ID: PMASA-2025-1

Date: 2025-01-20

Summary

XSS when checking tables

Description

An XSS vulnerability has been discovered in the phpMyAdmin "Check tables" feature. A specially crafted table or database name could be used to trigger an XSS attack.

Severity

We consider this vulnerability to be of moderate severity.

Affected Versions

phpMyAdmin versions 5.x prior to 5.2.2 are affected.

Solution

Upgrade to phpMyAdmin 5.2.2 or newer, or apply the patch listed below.

References

Thanks to bluebird for reporting this vulnerability.

Assigned CVE ids: Not yet assigned

CWE ids: CWE-661

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
