The vulnerability stems from improper neutralization of username input during SQL query construction in the user account management functions. Multiple sources identify the user accounts page (server_privileges.php) and the username-validation AJAX calls as the attack vector. The phpMyAdmin security advisory explicitly links the fix to user account query construction (commit c86acbf), and third-party PoCs demonstrate SQL injection via username parameters. While exact function names are not listed in public disclosures, the file paths and component responsibilities match the described pattern of interpolating user input directly into SQL statements.
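The pattern described above, string interpolation of a username into SQL next to its parameterized fix, as an added illustration. This is not code from phpMyAdmin or from the advisory: it runs against an in-memory SQLite table that stands in for an accounts table, and the table, the sample accounts and every function name are constructed for the demo. A username containing a single quote is enough to show the defect, since it changes the structure of the interpolated statement while the bound-parameter version treats it as plain data. The block also covers the case the fix must handle where placeholders are unavailable, such as MySQL's `CREATE USER 'name'@'host'`, where the account parts are literals in the statement text and have to be escaped.

```python
import sqlite3

# Constructed sample data standing in for a user accounts table (not
# phpMyAdmin's schema); the column names mirror MySQL's mysql.user table.
SAMPLE_ACCOUNTS = [("alice", "localhost"), ("bob", "%"), ("carol", "10.0.0.5")]


def make_db():
    """Return an in-memory SQLite database seeded with the constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (User TEXT NOT NULL, Host TEXT NOT NULL)")
    conn.executemany("INSERT INTO user (User, Host) VALUES (?, ?)", SAMPLE_ACCOUNTS)
    return conn


def count_user_vulnerable(conn, username):
    """The flawed pattern: the username is spliced into the SQL text, so any
    quote or operator in it becomes part of the statement itself."""
    sql = "SELECT COUNT(*) FROM user WHERE User = '" + username + "'"
    return conn.execute(sql).fetchone()[0]


def count_user_fixed(conn, username):
    """The hardened pattern: the username travels as a bound parameter and can
    only ever be compared as a string value."""
    sql = "SELECT COUNT(*) FROM user WHERE User = ?"
    return conn.execute(sql, (username,)).fetchone()[0]


def probe(conn, lookup, username):
    """Run a lookup and report either the row count or that the input broke
    the statement's syntax, the tell-tale sign of interpolation."""
    try:
        return lookup(conn, username)
    except sqlite3.Error:
        return "syntax-error"


# MySQL account statements such as CREATE USER 'name'@'host' carry the account
# name as a literal inside the statement text, where drivers do not accept
# bound parameters, so the literal must be escaped instead. This table mirrors
# the escaping performed by mysql_real_escape_string for the default SQL mode;
# it is NOT correct under NO_BACKSLASH_ESCAPES, where only '' doubling applies.
_MYSQL_ESCAPES = {
    "\\": "\\\\",
    "'": "\\'",
    '"': '\\"',
    "\0": "\\0",
    "\n": "\\n",
    "\r": "\\r",
    "\x1a": "\\Z",
}


def quote_mysql_literal(value):
    """Return value as a single-quoted MySQL string literal with escaping applied."""
    return "'" + "".join(_MYSQL_ESCAPES.get(ch, ch) for ch in value) + "'"


def build_create_user(username, host):
    """Build a CREATE USER statement whose account parts are escaped literals."""
    return "CREATE USER " + quote_mysql_literal(username) + "@" + quote_mysql_literal(host)


if __name__ == "__main__":
    db = make_db()
    for name in ("alice", "o'hara"):
        print(name, probe(db, count_user_vulnerable, name), probe(db, count_user_fixed, name))
    print(build_create_user("o'hara", "localhost"))
```

For `alice` both lookups agree; for `o'hara` the interpolated query fails to parse while the parameterized one simply finds no such user. In a code review, any account-management path that concatenates request input into a statement string, rather than binding it or passing it through the driver's quoting routine, is the thing to flag.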
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.0.0, < 4.9.4 | 4.9.4 |
| phpmyadmin/phpmyadmin | composer | >= 5.0.0, < 5.0.1 | 5.0.1 |