Description
phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2 contains a SQL injection vulnerability: certain parameters are not properly escaped when generating certain queries for search actions in libraries/classes/Controllers/Table/TableSearchController.php. An attacker can create a database or table with a crafted name. The injection is triggered when a user attempts certain search operations on the malicious database or table.
Remediation
References