VYPR
Low severity · NVD Advisory · Published Oct 25, 2012 · Updated Apr 29, 2026

CVE-2012-5339

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow remote authenticated users to inject arbitrary web script or HTML via a crafted name of (1) an event, (2) a procedure, or (3) a trigger.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.3 allow authenticated users to inject arbitrary web script via crafted names of events, procedures, or triggers.

Vulnerability

phpMyAdmin versions 3.5.x prior to 3.5.3 contain multiple cross-site scripting (XSS) vulnerabilities in the handling of event, procedure, and trigger names. The unsanitized output occurs in error messages (e.g., after a failed DROP query) and in the drop SQL confirmation dialog, allowing injection of arbitrary HTML and JavaScript. [1][4]
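The two output sites named above, the failed-query error message and the hidden drop-SQL span, as an added PHP example that is not phpMyAdmin code: it renders a DROP statement built from a constructed event name containing HTML metacharacters, first the way the vulnerable pattern did (raw interpolation into markup) and then with htmlspecialchars() applied to every dynamic fragment. The function names (backquote, h, renderErrorVulnerable, renderErrorHardened, renderDropSpanHardened), the event name and the MySQL error text are all constructed for this example.

```php
<?php
// Added example (not phpMyAdmin code). Demonstrates why backquoting an
// identifier for SQL does nothing for the HTML context, and what output
// encoding at the two affected sites looks like. All names are constructed.

/**
 * Backquote an identifier for MySQL. This protects the SQL context only;
 * angle brackets, quotes and ampersands pass through untouched.
 */
function backquote(string $identifier): string
{
    return '`' . str_replace('`', '``', $identifier) . '`';
}

/** HTML-encode a value for element text or attribute content. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Vulnerable pattern: the SQL text is interpolated straight into markup. */
function renderErrorVulnerable(string $query, string $mysqlError): string
{
    return sprintf('The following query has failed: "%s"', $query)
        . '<br />MySQL said: ' . $mysqlError;
}

/** Hardened pattern: each dynamic piece is encoded for the HTML it lands in. */
function renderErrorHardened(string $query, string $mysqlError): string
{
    return sprintf('The following query has failed: "%s"', h($query))
        . '<br />MySQL said: ' . h($mysqlError);
}

/**
 * The hidden span a confirmation dialog reads the statement from.
 * Because the content is encoded, the client must read it back as text
 * (decoded), not as raw HTML, to recover the original statement.
 */
function renderDropSpanHardened(string $dropSql): string
{
    return '<span class="drop_sql hide">' . h($dropSql) . '</span>';
}

// Constructed identifier with HTML metacharacters; MySQL accepts such a
// name when it is backquoted, so the SQL layer will not reject it.
$eventName = 'nightly<b>report</b>';
$dropSql   = 'DROP EVENT ' . backquote($eventName) . ";\n";
// Constructed server message; a real MySQL error for an unknown event
// also echoes the identifier, so it needs the same encoding.
$mysqlErr  = "Unknown event '" . $eventName . "'";

echo renderErrorVulnerable($dropSql, $mysqlErr), "\n\n";
echo renderErrorHardened($dropSql, $mysqlErr), "\n\n";
echo renderDropSpanHardened($dropSql), "\n";

// Sanity check: no raw tag from the identifier survives the hardened path.
assert(strpos(renderErrorHardened($dropSql, $mysqlErr), '<b>') === false);
assert(strpos(renderDropSpanHardened($dropSql), '<b>') === false);
```

Run with `php example.php`; the first block of output contains the identifier's markup verbatim, the second and third contain only `&lt;b&gt;` entities. The server-side encoding and the client-side decoding are a pair: whichever script later reads the span must take its text content, since reading its inner HTML would hand the entities through literally.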

Exploitation

An attacker must be an authenticated user with privileges to create or modify events, procedures, or triggers. By crafting a name containing malicious script, the payload is executed when the name is displayed in error messages or the drop SQL dialog. Beyond the normal administrative actions that display the name (receiving the error message or opening the drop confirmation), no additional user interaction is required. [2][3][4]

Impact

Successful exploitation enables the attacker to inject arbitrary web script or HTML into the phpMyAdmin interface, potentially leading to session hijacking, defacement, or other client-side attacks within the context of the authenticated user's session. [1][4]

Mitigation

Upgrade to phpMyAdmin 3.5.3 or later, released on 2012-10-12. Patches are available in commits cfd688d and 6ea8fad. No workaround is documented; upgrading is the recommended solution. [2][3][4]

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package: phpmyadmin/phpmyadmin (Packagist)
Affected versions: >= 3.5, < 3.5.3
Patched versions: 3.5.3

Affected products (8)

  • cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*
  • (no CPE) range: < 3.5.3
  • GHSA coordinates (2 versions)
    • (no CPE) range: >= 3.5, < 3.5.3
    • (no CPE) range: < 4.6.5.2-1.1

Patches (2)

6ea8fad3f999

triggers, routines, events : escape drop sql

https://github.com/phpmyadmin/phpmyadmin · Madhura Jayaratne · Oct 4, 2012 · via ghsa
2 files changed · +4 -4
  • js/rte/common.js (+1 -1, modified)
    @@ -318,7 +318,7 @@ $(document).ready(function () {
             /**
              * @var question    String containing the question to be asked for confirmation
              */
    -        var question = $('<div/>').text($curr_row.children('td').children('.drop_sql').html());
    +        var question = $('<div/>').text($curr_row.children('td').children('.drop_sql').text());
             // We ask for confirmation first here, before submitting the ajax request
             $(this).PMA_confirm(question, $(this).attr('href'), function (url) {
                 /**
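Review bot: the switch from `.html()` to `.text()` on the `var question` line is required by the server-side change rather than a fix on its own: once the hidden `.drop_sql` span carries htmlspecialchars()-encoded SQL, `.html()` would hand the literal entities (`&lt;`, `&gt;`) to the dialog, while `.text()` decodes them back to the raw statement, which `$('<div/>').text(...)` then places as text, not markup. A one-line comment here saying the span is HTML-encoded on the PHP side would make a later revert to `.html()` (or a raw `.html(question)` inside PMA_confirm) stand out in review.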
    
  • libraries/rte/rte_list.lib.php (+3 -3, modified)
    @@ -121,7 +121,7 @@ function PMA_RTN_getRowForList($routine, $rowclass = '')
     
         $retval  = "        <tr class='noclick $rowclass'>\n";
         $retval .= "            <td>\n";
    -    $retval .= "                <span class='drop_sql hide'>$sql_drop</span>\n";
    +    $retval .= "                <span class='drop_sql hide'>" . htmlspecialchars($sql_drop) . "</span>\n";
         $retval .= "                <strong>\n";
         $retval .= "                    " . htmlspecialchars($routine['SPECIFIC_NAME']) . "\n";
         $retval .= "                </strong>\n";
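Review bot: encoding `$sql_drop` brings the span in line with the `htmlspecialchars($routine['SPECIFIC_NAME'])` two lines below, but this span is also a hidden data carrier read by js/rte/common.js, so the statement is encoded for element text and the reader must decode it on the way out; PMA_backquote() protects only the SQL context, not HTML. A short comment on the span noting that the JS side reads it with `.text()` would document that coupling in the file that owns the markup.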
    @@ -223,7 +223,7 @@ function PMA_TRI_getRowForList($trigger, $rowclass = '')
     
         $retval  = "        <tr class='noclick $rowclass'>\n";
         $retval .= "            <td>\n";
    -    $retval .= "                <span class='drop_sql hide'>{$trigger['drop']}</span>\n";
    +    $retval .= "                <span class='drop_sql hide'>" . htmlspecialchars($trigger['drop']) . "</span>\n";
         $retval .= "                <strong>\n";
         $retval .= "                    " . htmlspecialchars($trigger['name']) . "\n";
         $retval .= "                </strong>\n";
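Review bot: `$trigger['drop']` is encoded here at the output site rather than when the array is built, which is the right place since the same string is executed as SQL elsewhere; moving it from `{$trigger['drop']}` inside the double-quoted string to concatenation is the only way to apply the call and is fine. Confirm that no other template emits `$trigger['drop']` unencoded, since this commit touches only the list row.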
    @@ -297,7 +297,7 @@ function PMA_EVN_getRowForList($event, $rowclass = '')
     
         $retval  = "        <tr class='noclick $rowclass'>\n";
         $retval .= "            <td>\n";
    -    $retval .= "                <span class='drop_sql hide'>$sql_drop</span>\n";
    +    $retval .= "                <span class='drop_sql hide'>" . htmlspecialchars($sql_drop) . "</span>\n";
         $retval .= "                <strong>\n";
         $retval .= "                    " . htmlspecialchars($event['EVENT_NAME']) . "\n";
         $retval .= "                </strong>\n";
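Review bot: this is the third copy of the same `<span class='drop_sql hide'>` line in this file (routines, triggers, events), and the vulnerability existed precisely because escaping was applied to the `<strong>` name but not to the sibling span in all three. A small helper (hypothetically `PMA_RTE_getDropSqlSpan($sql)`, returning the encoded span) would let the next RTE row type inherit the fix instead of needing a fourth identical edit.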
    
cfd688d2512d

triggers, routines, events : escape sql queries in error messages

https://github.com/phpmyadmin/phpmyadmin · Dieter Adriaenssens · Oct 3, 2012 · via ghsa
3 files changed · +80 -27
  • libraries/rte/rte_events.lib.php (+26 -9, modified)
    @@ -99,23 +99,36 @@ function PMA_EVN_handleEditor()
                     $drop_item = "DROP EVENT " . PMA_backquote($_REQUEST['item_original_name']) . ";\n";
                     $result = PMA_DBI_try_query($drop_item);
                     if (! $result) {
    -                    $errors[] = sprintf(__('The following query has failed: "%s"'), $drop_item) . '<br />'
    -                                      . __('MySQL said: ') . PMA_DBI_getError(null);
    +                    $errors[] = sprintf(
    +                        __('The following query has failed: "%s"'),
    +                        htmlspecialchars($drop_item)
    +                    )
    +                    . '<br />'
    +                    . __('MySQL said: ') . PMA_DBI_getError(null);
                     } else {
                         $result = PMA_DBI_try_query($item_query);
                         if (! $result) {
    -                        $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br />'
    -                                          . __('MySQL said: ') . PMA_DBI_getError(null);
    +                        $errors[] = sprintf(
    +                            __('The following query has failed: "%s"'),
    +                            htmlspecialchars($item_query)
    +                        )
    +                        . '<br />'
    +                        . __('MySQL said: ') . PMA_DBI_getError(null);
                             // We dropped the old item, but were unable to create the new one
                             // Try to restore the backup query
                             $result = PMA_DBI_try_query($create_item);
                             if (! $result) {
                                 // OMG, this is really bad! We dropped the query, failed to create a new one
                                 // and now even the backup query does not execute!
                                 // This should not happen, but we better handle this just in case.
    -                            $errors[] = __('Sorry, we failed to restore the dropped event.') . '<br />'
    -                                              . __('The backed up query was:') . "\"$create_item\"" . '<br />'
    -                                              . __('MySQL said: ') . PMA_DBI_getError(null);
    +                            $errors[] = __(
    +                                'Sorry, we failed to restore the dropped event.'
    +                            )
    +                            . '<br />'
    +                            . __('The backed up query was:')
    +                            . "\"" . htmlspecialchars($create_item) . "\""
    +                            . '<br />'
    +                            . __('MySQL said: ') . PMA_DBI_getError(null);
                             }
                         } else {
                             $message = PMA_Message::success(__('Event %1$s has been modified.'));
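Review bot: the three failed-query messages now encode `$drop_item`, `$item_query` and `$create_item`, but `PMA_DBI_getError(null)` is still concatenated into the same HTML string unencoded in every branch. MySQL error text normally echoes the offending identifier (an unknown-event error repeats the name), so unless PMA_DBI_getError() already HTML-encodes its return value, the name reaches the page through that second path; please confirm, or wrap it in htmlspecialchars() here as well.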
    @@ -127,8 +140,12 @@ function PMA_EVN_handleEditor()
                     // 'Add a new item' mode
                     $result = PMA_DBI_try_query($item_query);
                     if (! $result) {
    -                    $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br /><br />'
    -                                      . __('MySQL said: ') . PMA_DBI_getError(null);
    +                    $errors[] = sprintf(
    +                        __('The following query has failed: "%s"'),
    +                        htmlspecialchars($item_query)
    +                    )
    +                    . '<br /><br />'
    +                    . __('MySQL said: ') . PMA_DBI_getError(null);
                     } else {
                         $message = PMA_Message::success(__('Event %1$s has been created.'));
                         $message->addParam(PMA_backquote($_REQUEST['item_name']));
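Review bot: the success branch in the trailing context passes `PMA_backquote($_REQUEST['item_name'])` to `$message->addParam()` without a visible escape; since the failure branch now has to encode `$item_query` explicitly, it should be stated (in a comment here or in PMA_Message's docblock) that addParam() is responsible for encoding its parameters, otherwise the add-mode success message is the one remaining place in this function where the item name is rendered with no escape in sight.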
    
  • libraries/rte/rte_routines.lib.php (+34 -11, modified)
    @@ -249,23 +249,36 @@ function PMA_RTN_handleEditor()
                         $drop_routine = "DROP {$_REQUEST['item_original_type']} " . PMA_backquote($_REQUEST['item_original_name']) . ";\n";
                         $result = PMA_DBI_try_query($drop_routine);
                         if (! $result) {
    -                        $errors[] = sprintf(__('The following query has failed: "%s"'), $drop_routine) . '<br />'
    -                                          . __('MySQL said: ') . PMA_DBI_getError(null);
    +                        $errors[] = sprintf(
    +                            __('The following query has failed: "%s"'),
    +                            htmlspecialchars($drop_routine)
    +                        )
    +                        . '<br />'
    +                        . __('MySQL said: ') . PMA_DBI_getError(null);
                         } else {
                             $result = PMA_DBI_try_query($routine_query);
                             if (! $result) {
    -                            $errors[] = sprintf(__('The following query has failed: "%s"'), $routine_query) . '<br />'
    -                                              . __('MySQL said: ') . PMA_DBI_getError(null);
    +                            $errors[] = sprintf(
    +                                __('The following query has failed: "%s"'),
    +                                htmlspecialchars($routine_query)
    +                            )
    +                            . '<br />'
    +                            . __('MySQL said: ') . PMA_DBI_getError(null);
                                 // We dropped the old routine, but were unable to create the new one
                                 // Try to restore the backup query
                                 $result = PMA_DBI_try_query($create_routine);
                                 if (! $result) {
                                     // OMG, this is really bad! We dropped the query, failed to create a new one
                                     // and now even the backup query does not execute!
                                     // This should not happen, but we better handle this just in case.
    -                                $errors[] = __('Sorry, we failed to restore the dropped routine.') . '<br />'
    -                                                  . __('The backed up query was:') . "\"$create_routine\"" . '<br />'
    -                                                  . __('MySQL said: ') . PMA_DBI_getError(null);
    +                                $errors[] = __(
    +                                    'Sorry, we failed to restore the dropped routine.'
    +                                )
    +                                . '<br />'
    +                                . __('The backed up query was:')
    +                                . "\"" . htmlspecialchars($create_routine) . "\""
    +                                . '<br />'
    +                                . __('MySQL said: ') . PMA_DBI_getError(null);
                                 }
                             } else {
                                 $message = PMA_Message::success(__('Routine %1$s has been modified.'));
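Review bot: the first context line builds `$drop_routine` by interpolating `$_REQUEST['item_original_type']` straight into the statement; encoding the result for HTML, which this hunk does, covers the error display but says nothing about the SQL that is executed. If PMA_RTN_handleEditor() does not already restrict the type to the two valid values (PROCEDURE and FUNCTION) further up, an `in_array()` guard at the point of use, or reading the type from the routine's own metadata instead of the request, would remove the dependency on the request value.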
    @@ -278,8 +291,12 @@ function PMA_RTN_handleEditor()
                     // 'Add a new routine' mode
                     $result = PMA_DBI_try_query($routine_query);
                     if (! $result) {
    -                    $errors[] = sprintf(__('The following query has failed: "%s"'), $routine_query) . '<br /><br />'
    -                                      . __('MySQL said: ') . PMA_DBI_getError(null);
    +                    $errors[] = sprintf(
    +                        __('The following query has failed: "%s"'),
    +                        htmlspecialchars($routine_query)
    +                    )
    +                    . '<br /><br />'
    +                    . __('MySQL said: ') . PMA_DBI_getError(null);
                     } else {
                         $message = PMA_Message::success(__('Routine %1$s has been created.'));
                         $message->addParam(PMA_backquote($_REQUEST['item_name']));
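Review bot: the six-line `sprintf(... htmlspecialchars(...)) . '<br /><br />' . __('MySQL said: ') . PMA_DBI_getError(null)` block now appears, with only the variable name changing, in every branch of rte_events, rte_routines and rte_triggers. Factoring it into one helper (hypothetically `PMA_RTE_getQueryError($query)`, returning the encoded HTML) would leave a single place where the escaping lives and stop the `<br />` versus `<br /><br />` drift between the modify and add branches.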
    @@ -1251,8 +1268,14 @@ function PMA_RTN_handleExecute()
                     }
                 } else {
                     $output = '';
    -                $message = PMA_message::error(sprintf(__('The following query has failed: "%s"'), $query) . '<br /><br />'
    -                                                    . __('MySQL said: ') . PMA_DBI_getError(null));
    +                $message = PMA_message::error(
    +                    sprintf(
    +                        __('The following query has failed: "%s"'),
    +                        htmlspecialchars($query)
    +                    )
    +                    . '<br /><br />'
    +                    . __('MySQL said: ') . PMA_DBI_getError(null)
    +                );
                 }
                 // Print/send output
                 if ($GLOBALS['is_ajax_request']) {
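Review bot: `PMA_message::error(...)` is handed a string that already contains markup (`<br /><br />`), so PMA_Message::error() must treat its argument as HTML, which is exactly why the `htmlspecialchars($query)` added here is needed; a comment stating that the message body is raw HTML would help, since the success paths elsewhere pass a format string and supply values through `addParam()`. Separately, the class is written `PMA_message` here and `PMA_Message` everywhere else in these diffs; PHP class names are case-insensitive so it works, but a consistent spelling helps grep-based audits like the one that found this bug.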
    
  • libraries/rte/rte_triggers.lib.php (+20 -7, modified)
    @@ -72,23 +72,36 @@ function PMA_TRI_handleEditor()
                     $drop_item = $trigger['drop'] . ';';
                     $result = PMA_DBI_try_query($drop_item);
                     if (! $result) {
    -                    $errors[] = sprintf(__('The following query has failed: "%s"'), $drop_item) . '<br />'
    -                                      . __('MySQL said: ') . PMA_DBI_getError(null);
    +                    $errors[] = sprintf(
    +                        __('The following query has failed: "%s"'),
    +                        htmlspecialchars($drop_item)
    +                    )
    +                    . '<br />'
    +                    . __('MySQL said: ') . PMA_DBI_getError(null);
                     } else {
                         $result = PMA_DBI_try_query($item_query);
                         if (! $result) {
    -                        $errors[] = sprintf(__('The following query has failed: "%s"'), $item_query) . '<br />'
    -                                          . __('MySQL said: ') . PMA_DBI_getError(null);
    +                        $errors[] = sprintf(
    +                            __('The following query has failed: "%s"'),
    +                            htmlspecialchars($item_query)
    +                        )
    +                        . '<br />'
    +                        . __('MySQL said: ') . PMA_DBI_getError(null);
                             // We dropped the old item, but were unable to create the new one
                             // Try to restore the backup query
                             $result = PMA_DBI_try_query($create_item);
                             if (! $result) {
                                 // OMG, this is really bad! We dropped the query, failed to create a new one
                                 // and now even the backup query does not execute!
                                 // This should not happen, but we better handle this just in case.
    -                            $errors[] = __('Sorry, we failed to restore the dropped trigger.') . '<br />'
    -                                              . __('The backed up query was:') . "\"$create_item\"" . '<br />'
    -                                              . __('MySQL said: ') . PMA_DBI_getError(null);
    +                            $errors[] = __(
    +                                'Sorry, we failed to restore the dropped trigger.'
    +                            )
    +                            . '<br />'
    +                            . __('The backed up query was:')
    +                            . "\"" . htmlspecialchars($create_item) . "\""
    +                            . '<br />'
    +                            . __('MySQL said: ') . PMA_DBI_getError(null);
                             }
                         } else {
                             $message = PMA_Message::success(__('Trigger %1$s has been modified.'));
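Review bot: `$drop_item` is built from `$trigger['drop']`, the same string rte_list.lib.php renders into the hidden `.drop_sql` span in commit 6ea8fad, so this string is now encoded at two independent output sites and executed raw as SQL at a third. Encoding at output rather than at construction is the right design for that, but it means the `$errors[]` entries built here are HTML, not plain text; a docblock note on `$errors` saying its items are pre-encoded HTML would stop a later caller from double-encoding them or from wrapping them in further markup on the assumption that they are plain strings.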
    

Vulnerability mechanics

Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References (8)

News mentions (0)

No linked articles in our index yet.