In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| phpmyadmin/phpmyadmin (Packagist) | 4.3.0 | 4.9.11 | N/A |
| phpmyadmin/phpmyadmin (Packagist) | 5.0 | 5.2.1 | N/A |

CVSS Metrics