Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg'enabledragdropimport', users will be unable to use the drag and drop...

GHSA-6HR3-44GX-G6WH Cross-site Scripting vulnerability in drag-and-drop upload of phpMyAdmin

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger Cross-site Scripting XSS by uploading a crafted .sql file through the drag-and-drop interface. By disabling the configuration directive $cfg'enabledragdropimport', users will be unable to use the drag and drop...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

DEBIAN-CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

Information disclosure

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

UBUNTU-CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

phpMyAdmin 跨站脚本漏洞

phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin versions prior...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

CVE-2023-25727

CVE-2023-25727 is an authenticated-user XSS in phpMyAdmin triggered by uploading a crafted .sql file via drag-and-drop. Public details in the connected sources identify affected versions as: phpMyAdmin before 4.9.11 and 5.x before 5.2.1. Debian LTS advisory DLA-4121-1 notes that Debian Bullseye p...

CVE-2023-25727

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface...

Vulnerability fixed in phpMyAdmin

A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...

phpMyAdmin SQL Injection Vulnerability (CNVD-2023-09611)

phpMyAdmin is a free, web-based MySQL database management tool from the phpMyAdmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...

phpMyAdmin 4.3.x < 4.9.11, 5.2.x < 5.2.1 XSS Vulnerability - Windows

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

phpMyAdmin 4.3.x < 4.9.11, 5.2.x < 5.2.1 XSS Vulnerability - Linux

phpMyAdmin is prone to a cross-site scripting XSS vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

PT-2023-6769 · Unknown +3 · Phpmyadmin +3

Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.9.11 and earlier phpMyAdmin versions 5.x before 5.2.1 Description: The issue arises due to inadequate protection of the web page structure in phpMyAdmin, allowing an authenticated user to trigger Cross-site Scripting XSS...

phpMyAdmin -- XSS vulnerability in drag-and-drop upload

phpMyAdmin Team reports: PMASA-2023-1 XSS vulnerability in drag-and-drop upload...

XSS vulnerability in drag-and-drop upload

PMASA-2023-1 Announcement-ID: PMASA-2023-1 Date: 2023-02-07 Summary XSS vulnerability in drag-and-drop upload Description An XSS vulnerability has been discovered where an authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface...