phpMyAdmin · phpMyAdmin · CVE-2005-4349
**Name of the Vulnerable Software and Affected Versions**
phpMyAdmin version 2.7.0
**Description**
A SQL injection issue allows remote authenticated users to execute arbitrary SQL commands via the `dbname` and `checkprivs` parameters in the `server_privileges.php` file. However, the vendor and a third party have disputed this issue, stating that the program's main task is to support query execution by authenticated users and that no external attack scenario exists without an auto-login configuration.
**Recommendations**
For phpMyAdmin version 2.7.0, consider restricting access to the `server_privileges.php` file and limiting the use of the `dbname` and `checkprivs` parameters to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.