CVE-2023-25727: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

February 13, 2023 (updated February 23, 2023)

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

References

github.com/advisories/GHSA-6hr3-44gx-g6wh
nvd.nist.gov/vuln/detail/CVE-2023-25727
www.phpmyadmin.net/security/PMASA-2023-1/

Detect and mitigate CVE-2023-25727 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →