phpmyadmin/phpmyadmin is vulnerable to SQL Injection. The vulnerability exists due to the getTableCreationQuery
function in DCreateAddField.php
, which allows an attacker to inject and execute malicious SQL queries on the system via the tbl_storage_engine
or tbl_collation
parameters through tbl_create.php
.