Cross-Site Scripting Vulnerability in phpMyAdmin by phpMyAdmin Development Team
CVE-2023-25727

5.4MEDIUM

Key Information:

Vendor

PHPmyadmin

Vendor
CVE Published:
13 February 2023

What is CVE-2023-25727?

In phpMyAdmin versions prior to 4.9.11 and 5.2.1, an authenticated user may exploit a vulnerability by uploading a specially crafted .sql file via the drag-and-drop feature. This can lead to cross-site scripting (XSS) issues, allowing attackers to execute malicious scripts in the context of the user's session. This vulnerability highlights the importance of keeping phpMyAdmin updated and properly reviewing uploaded files to mitigate security risks.

References

EPSS Score

8% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.