CVE-2011-4634: phpMyAdmin vulnerable to Cross-site Scripting

May 17, 2022 (updated April 12, 2025)

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.4.x before 3.4.8 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted database name, related to the Database Synchronize panel; (2) a crafted database name, related to the Database rename panel; (3) a crafted SQL query, related to the table overview panel; (4) a crafted SQL query, related to the view creation dialog; (5) a crafted column type, related to the table search dialog; or (6) a crafted column type, related to the create index dialog.

References

github.com/advisories/GHSA-9j9h-cpgc-8356
github.com/phpmyadmin/phpmyadmin
nvd.nist.gov/vuln/detail/CVE-2011-4634

Code Behaviors & Features

Detect and mitigate CVE-2011-4634 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →