DEBIAN-CVE-2023-25727

DEBIAN-CVE-2023-25727 PUBLISHED CVSS 5.400000095367432 MEDIUM

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	phpmyadmin	0
Debian:11	phpmyadmin	0, 4:5.0.4+dfsg2-2, 0
Debian:12	phpmyadmin	0, 0, 0
Debian:13	phpmyadmin	0, 0, 0

Timeline

Feb 13, 2023 CVE Published
May 7, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2023-25727 advisory

Open in Interactive Console →