CVE-2025-63948

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions phpMsAdmin version 2.2

Description A SQL Injection issue exists in the database mode.php file. An attacker can execute arbitrary SQL commands via the dbname parameter, potentially leading to information disclosure or database manipulation.

Recommendations Update phpMsAdmin to a newer version that addresses this issue. As a temporary workaround, restrict access to the database mode.php file or carefully sanitize the dbname parameter to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-63948

Affected Products

Phpmsadmin

CVE-2025-63948

Weakness Enumeration

Related Identifiers

Affected Products

References · 6