R. Harikrishnan

**Name of the Vulnerable Software and Affected Versions** phpMyAdmin versions 3.4.x through 3.4.7 **Description** The issue allows remote attackers to inject arbitrary web script or HTML via various crafted inputs, including database names, SQL queries, and column types, in multiple panels and dialogs, such as the Database Synchronize panel, Database rename panel, table overview panel, view creation dialog, table search dialog, and create index dialog. **Recommendations** For phpMyAdmin versions 3.4.x through 3.4.7, update to version 3.4.8 or later to resolve the issue.