The phpMyAdmin development team reports:
XSS in table Print view.
Via a crafted MIME-type transformation parameter, an attacker can perform a local file inclusion.
In the 'relational schema' code a parameter was not sanitized before being used to concatenate a class name. The end result is a local file inclusion vulnerability and code execution.
It was possible to manipulate the PHP session superglobal using some of the Swekey authentication code. This is very similar to PMASA-2011-5, documented in 7e4e5c53-a56c-11e0-b180-00216aa06fc2