CVE-2016-2561

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 4.4.x through 4.4.15.4 phpMyAdmin versions 4.5.x through 4.5.5.0

Description The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved via several pages, including the database normalization page, which includes normalization.php or js/normalization.js, the database structure page, which includes templates/database/structure/sortable header.phtml, or the central columns page by manipulating the pos parameter to db central columns.php.

Recommendations For phpMyAdmin versions 4.4.x through 4.4.15.4, update to version 4.4.15.5 or later. For phpMyAdmin versions 4.5.x through 4.5.5.0, update to version 4.5.5.1 or later.