Bluebird

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 5.x prior to 5.2.2 **Description** An issue has been discovered in the check tables feature of phpMyAdmin, where a crafted table or database name could be used for XSS. This allows for potential exploitation of the XSS weakness. **Recommendations** To protect databases from remote exploitation, update to version 5.2.2. As a temporary workaround, consider restricting the use of crafted table or database names in the check tables feature until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 4.x through 4.9.4 phpMyAdmin versions 5.x through 5.0.1 **Description** A SQL injection issue was found in the retrieval of the current username, specifically in libraries/classes/Server/Privileges.php and libraries/classes/UserPassword.php. This could allow a malicious user with server access to create a crafted username and trick a victim into performing specific actions with that user account, such as editing its privileges. **Recommendations** For phpMyAdmin versions 4.x through 4.9.4, update to version 4.9.5 or later. For phpMyAdmin versions 5.x through 5.0.1, update to version 5.0.2 or later.