
Williamdes

#15029 of 53,624
17.9 Total CVSS
Vulnerabilities · 2
High: 1
Critical: 1
PT-2023-31918
8.1
2023-12-26
Unknown · Resumable.Php · CVE-2023-52086
**Name of the Vulnerable Software and Affected Versions**
resumable.php versions 0.1.4 through 3c6dbf5

**Description**
The issue allows arbitrary file upload anywhere in the filesystem via `../` in `multipart/form-data` content to `upload.php`. It is noted that file overwrite has not been possible with the code available in GitHub in recent years.

**Recommendations**
For versions 0.1.4 through 3c6dbf5, consider disabling the `upload.php` script until a patch is available to prevent arbitrary file uploads. Restrict access to the `upload.php` endpoint to minimize the risk of exploitation. Avoid using the `../` path traversal in the `multipart/form-data` content to prevent uploading files to unintended locations.

PT-2023-11619
9.8
2023-01-26
Unknown · Phpmyadmin · CVE-2020-22452
**Name of the Vulnerable Software and Affected Versions**
phpMyAdmin versions prior to 5.2.0

**Description**
The issue is related to a SQL Injection vulnerability in the `getTableCreationQuery` function in `CreateAddField.php`. This vulnerability can be exploited via the `tbl_storage_engine` or `tbl_collation` parameters to `tbl_create.php`.

**Recommendations**
For versions prior to 5.2.0, update to version 5.2.0 or later to resolve the issue.