CVE-2016-2045

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 4.5.x prior to 4.5.4

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response, due to a cross-site scripting (XSS) vulnerability in the SQL editor.

Recommendations For phpMyAdmin versions 4.5.x prior to 4.5.4, update to version 4.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the SQL editor to minimize the risk of exploitation. Avoid using the SQL editor to execute queries that may trigger JSON data in a response until the issue is resolved.