PT-2023-6769 · Unknown+3 · Phpmyadmin+3

Published: 2023-02-07 · Updated: 2025-04-08 · CVE-2023-25727

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: phpMyAdmin versions 4.9.11 and earlier; phpMyAdmin versions 5.x before 5.2.1

Description: The issue arises from inadequate protection of the web page structure in phpMyAdmin, which allows an authenticated user to trigger Cross-site Scripting (XSS) by uploading a crafted .sql file through the drag-and-drop interface. A remote attacker can exploit this to conduct an XSS attack.

Recommendations: For phpMyAdmin versions 4.9.11 and earlier, update to version 4.9.11 or later. For phpMyAdmin versions 5.x before 5.2.1, update to version 5.2.1 or later. As a temporary workaround, consider disabling the configuration directive $cfg['enable_drag_drop_import'] in config.inc.php; this turns off the drag-and-drop upload feature and protects against the vulnerability.
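The following added check script is not part of this advisory or of phpMyAdmin; it audits an installation against the recommendations above by comparing the version to the fixed releases the advisory names (4.9.11 and 5.2.1, taken here as the affected/fixed thresholds) and by reading the effective value of $cfg['enable_drag_drop_import'] from a config.inc.php fragment. It assumes phpMyAdmin's documented default for that directive (enabled) when it is absent; the config fragments are constructed samples.

```python
import re
from typing import Optional, Tuple

# Fixed releases taken from the advisory's recommendation. Assumption: a 4.x
# install below 4.9.11 and a 5.x install below 5.2.1 are treated as affected.
FIXED = {4: (4, 9, 11), 5: (5, 2, 1)}

# Matches an assignment of the directive in config.inc.php (true/false only).
DIRECTIVE_RE = re.compile(
    r"""^\s*\$cfg\[\s*['"]enable_drag_drop_import['"]\s*\]\s*=\s*(true|false)\s*;""",
    re.IGNORECASE | re.MULTILINE,
)

def parse_version(v: str) -> Tuple[int, ...]:
    """Turn '5.2.0' into (5, 2, 0); only numeric components are used."""
    return tuple(int(p) for p in re.findall(r"\d+", v))

def version_is_fixed(v: str) -> Optional[bool]:
    """True if the version carries the fix, False if it is affected,
    None if the major series is not covered by this advisory."""
    parts = parse_version(v)
    fixed = FIXED.get(parts[0]) if parts else None
    if fixed is None:
        return None
    return parts >= fixed

def drag_drop_import_enabled(config_text: str) -> bool:
    """Effective value of $cfg['enable_drag_drop_import']: the last assignment
    wins, and no assignment means phpMyAdmin's default (enabled)."""
    matches = DIRECTIVE_RE.findall(config_text)
    return matches[-1].lower() == "true" if matches else True

def assess(version: str, config_text: str) -> str:
    """Classify an install as fixed, mitigated by the workaround, or vulnerable."""
    fixed = version_is_fixed(version)
    if fixed is None:
        return "not covered by advisory"
    if fixed:
        return "fixed"
    return "VULNERABLE" if drag_drop_import_enabled(config_text) else "mitigated by workaround"

# Constructed config.inc.php fragments, not taken from any real installation.
SAMPLE_DEFAULT = "<?php\n$cfg['blowfish_secret'] = 'constructed-sample';\n"
SAMPLE_DISABLED = SAMPLE_DEFAULT + "$cfg['enable_drag_drop_import'] = false;\n"

if __name__ == "__main__":
    for ver in ("5.2.0", "5.2.1", "4.9.10", "4.9.11"):
        print(ver, assess(ver, SAMPLE_DEFAULT), "/", assess(ver, SAMPLE_DISABLED))
```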

Related Identifiers

ALT-PU-2023-1505
ALT-PU-2023-1600
ALT-PU-2023-7634
BDU:2023-07577
BIT-PHPMYADMIN-2023-25727
CVE-2023-25727
DLA-4121-1
GHSA-6HR3-44GX-G6WH
OPENSUSE-SU-2023:0047-1
OPENSUSE-SU-2023:0058-1
OPENSUSE-SU-2023:0154-1
OPENSUSE-SU-2024:12689-1

Affected Products

Alt Linux
Debian
Red Os
Phpmyadmin