VYPR
Medium severity 6.1 · NVD Advisory · Published Jul 3, 2016 · Updated May 6, 2026

CVE-2016-5733

Description

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a crafted table name that is mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive that is mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, or (7) the zoom-search implementation in rows_zoom.phtml.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Multiple XSS vulnerabilities in phpMyAdmin allow remote attackers to inject arbitrary web script or HTML via crafted table names, log_bin directives, and other vectors.

Vulnerability

phpMyAdmin versions 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 contain multiple cross-site scripting (XSS) vulnerabilities [1]. The flaws exist in several components: (1) a crafted table name mishandled during privilege checking in table_row.phtml, (2) a crafted mysqld log_bin directive mishandled in log_selector.phtml, (3) the Transformation implementation, (4) AJAX error handling in js/ajax.js, (5) the Designer implementation, (6) the charts implementation in js/tbl_chart.js, and (7) the zoom-search implementation in rows_zoom.phtml [1]. The Transformation plugin lacked proper output escaping, as seen in the fix that introduced PMA_jsFormat and htmlspecialchars calls [2]. The zoom-search column type was also improperly escaped before being rendered [4].

Exploitation

An attacker can exploit these vulnerabilities by injecting malicious script or HTML into the affected input fields. For the table name vector, an authenticated user with table creation or renaming privileges can embed XSS payloads in the table name, which is then reflected during privilege checks. The log_bin directive vector requires control over the MySQL server configuration. Other vectors, such as the Transformation and zoom-search flaws, may be triggered by tricking an authenticated user into interacting with a crafted link or viewing a specially crafted page [1][3]. No authentication is required for some vectors if the attacker can directly supply input via URL parameters or POST data.

Impact

Successful exploitation allows an attacker to execute arbitrary web script or HTML in the context of the victim's phpMyAdmin session. This can lead to session hijacking, credential theft, defacement, or unauthorized actions performed on behalf of the victim. The impact is limited to the phpMyAdmin interface and the privileges of the logged-in user, but could be escalated if combined with other vulnerabilities.

Mitigation

Upgrade to phpMyAdmin version 4.0.10.16, 4.4.15.7, or 4.6.3, which contain the necessary fixes [1]. The commits addressing the Transformation plugin [2] and zoom-search [4] are included in these releases. No workarounds are documented. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
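
A version triage for the upgrade guidance above, as an added example (not code from phpMyAdmin or from this advisory): it classifies an installed version against the first fixed release of each branch named in the description. The host names and version strings in the sample inventory are constructed, and treating a pre-release build of a fixed version as still vulnerable is an assumption of this example.

```python
import re

# First fixed release for each affected branch, taken from the advisory text.
FIXED_BY_BRANCH = {
    (4, 0): (4, 0, 10, 16),
    (4, 4): (4, 4, 15, 7),
    (4, 6): (4, 6, 3),
}

_VERSION = re.compile(r"(\d+(?:\.\d+)+)(\S*)")
_PRERELEASE = re.compile(r"[-._]?(alpha|beta|rc|dev)", re.IGNORECASE)


def parse_version(text):
    """Extract (numbers, is_prerelease) from strings such as
    '4.6.2', '4.6.3-rc1' or 'phpMyAdmin 4.0.10.15'."""
    m = _VERSION.search(text)
    if m is None:
        raise ValueError("no dotted version number in %r" % (text,))
    numbers = tuple(int(part) for part in m.group(1).split("."))
    return numbers, bool(_PRERELEASE.match(m.group(2)))


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'not-listed' for CVE-2016-5733."""
    numbers, prerelease = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(numbers[:2])
    if fixed is None:
        # Branch is not one of 4.0.x / 4.4.x / 4.6.x named in the description.
        return "not-listed"
    width = max(len(numbers), len(fixed))

    def pad(v):
        # Compare 4.6 and 4.6.0.0 as equal by right-padding with zeros.
        return v + (0,) * (width - len(v))

    if pad(numbers) < pad(fixed):
        return "vulnerable"
    if pad(numbers) == pad(fixed) and prerelease:
        # Assumption: an rc/beta of the fixed version may predate the fix.
        return "vulnerable"
    return "fixed"


def triage(inventory):
    """Map each host to a status; unparseable banners become 'unknown'."""
    result = {}
    for host, banner in inventory.items():
        try:
            result[host] = classify(banner)
        except ValueError:
            result[host] = "unknown"
    return result


def needs_upgrade(inventory):
    """Sorted list of hosts whose version is in a vulnerable range."""
    return sorted(h for h, s in triage(inventory).items() if s == "vulnerable")


# Constructed sample inventory (hosts and versions are illustrative only).
SAMPLE_INVENTORY = {
    "dbadmin-01.example.internal": "phpMyAdmin 4.6.2",
    "dbadmin-02.example.internal": "4.4.15.7",
    "legacy-01.example.internal": "4.0.10.15",
    "staging-01.example.internal": "4.6.3-rc1",
    "other-01.example.internal": "4.5.5.1",
    "broken-01.example.internal": "custom build",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE_INVENTORY).items()):
        print("%-32s %s" % (host, status))
```

Hosts reported as `not-listed` or `unknown` still need a manual look, since the advisory only speaks about the three listed branches.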

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package | Registry | Affected versions | Patched versions
phpmyadmin/phpmyadmin | Packagist | >= 4.0.10.0, < 4.0.10.16 | 4.0.10.16
phpmyadmin/phpmyadmin | Packagist | >= 4.4.15.0, < 4.4.15.7 | 4.4.15.7
phpmyadmin/phpmyadmin | Packagist | >= 4.6.0, < 4.6.3 | 4.6.3

Patches

8
615212a14d7d

Do not allow javascript: links in transformation

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 22, 2016 · via ghsa
2 files changed · +15 -7
  • libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php +8 -3 modified
    @@ -46,9 +46,14 @@ public static function getInfo()
          */
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
    -        return '<a href="' . htmlspecialchars(isset($options[0]) ? $options[0] : '')
    -            . htmlspecialchars($buffer) . '" target="_blank"><img src="'
    -            . htmlspecialchars(isset($options[0]) ? $options[0] : '') . htmlspecialchars($buffer)
    +        $url = (isset($options[0]) ? $options[0] : '') . $buffer;
    +        $parsed = parse_url($url);
    +        /* Do not allow javascript links */
    +        if (isset($parsed['scheme']) && $parsed['scheme'] == 'javascript') {
    +            return htmlspecialchars($url);
    +        }
    +        return '<a href="' . htmlspecialchars($url)
    +            . '" target="_blank"><img src="' . htmlspecialchars($url)
                 . '" border="0" width="' . (isset($options[1]) ? $options[1] : 100)
                 . '" height="' . (isset($options[2]) ? $options[2] : 50) . '" />'
                 . htmlspecialchars($buffer) . '</a>';
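Review bot: The scheme test `$parsed['scheme'] == 'javascript'` is an exact, case-sensitive match against a single denied scheme, while browsers match URL schemes case-insensitively and ignore leading whitespace, so the check does not cover every spelling the browser will accept. Prefer an allowlist: trim `$url`, lowercase the parsed scheme, and only emit the `<a>`/`<img>` markup when the scheme is absent or one of an explicit set such as http, https or ftp, falling back to `htmlspecialchars($url)` otherwise. Also note that when `parse_url()` returns false for malformed input, `isset($parsed['scheme'])` is false and the code falls through to the link branch.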
    
  • libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php +7 -4 modified
    @@ -46,11 +46,14 @@ public static function getInfo()
          */
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
    -        $append_part = (isset($options[2]) && $options[2]) ? '' : $buffer;
    -
    +        $url = (isset($options[0]) ? $options[0] : '') . ((isset($options[2]) && $options[2]) ? '' : $buffer);
    +        $parsed = parse_url($url);
    +        /* Do not allow javascript links */
    +        if (isset($parsed['scheme']) && $parsed['scheme'] == 'javascript') {
    +            return htmlspecialchars($url);
    +        }
             return '<a href="'
    -            . htmlspecialchars(isset($options[0]) ? $options[0] : '')
    -            . htmlspecialchars($append_part)
    +            . htmlspecialchars($url)
                 . '" title="'
                 . htmlspecialchars(isset($options[1]) ? $options[1] : '')
                 . '" target="_new">'
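Review bot: The javascript-scheme check in this hunk is a copy of the one added to TextImageLinkTransformationsPlugin.php in the same commit; move it into one shared helper so a later change to the rule cannot be applied to one plugin and missed in the other. The new `$url = ...` assignment is also much longer than the surrounding lines and would read better split across lines, as the removed `$append_part` version was.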
    
4d21b5c077db

Fixed rendering of chart of columns with HTML inside

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 22, 2016 · via ghsa
1 file changed · +1 -1
  • js/tbl_chart.js +1 -1 modified
    @@ -156,7 +156,7 @@ function drawChart() {
     
         var columnNames = [];
         $('select[name="chartXAxis"] option').each(function () {
    -        columnNames.push($(this).text());
    +        columnNames.push(escapeHtml($(this).text()));
         });
         try {
             currentChart = PMA_queryChart(chart_data, columnNames, currentSettings);
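Review bot: `columnNames.push(escapeHtml($(this).text()))` escapes at collection time, so from this point `columnNames` holds HTML-encoded strings and everything downstream of `PMA_queryChart(chart_data, columnNames, currentSettings)` has to know that. Any consumer that inserts a name as text rather than as markup will display literal entities such as `&lt;`. Escaping at the point where the label is written into markup, or a comment stating that `columnNames` contains HTML, would make the contract explicit.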
    
960fd1fd5202

Properly escape zoom search column type

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 22, 2016 · via ghsa
1 file changed · +1 -1
  • templates/table/search/rows_zoom.phtml +1 -1 modified
    @@ -78,7 +78,7 @@ for ($i = 0; $i < 4; $i++): ?>
                        name="criteriaColumnTypes[<?= $i; ?>]"
                        id="types_<?= $i; ?>"
                     <?php if (isset($_POST['criteriaColumnTypes'][$i])): ?>
    -                    value="<?= $_POST['criteriaColumnTypes'][$i]; ?>"
    +                    value="<?= htmlspecialchars($_POST['criteriaColumnTypes'][$i]); ?>"
                     <?php endif; ?> />
                 <input type="hidden"
                        name="criteriaColumnCollations[<?= $i; ?>]"
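Review bot: Only the `criteriaColumnTypes` value is escaped in this hunk; the hidden `criteriaColumnCollations[<?= $i; ?>]` input that follows sits in the same loop and its `value` line is outside the visible context, so confirm it gets the same `htmlspecialchars()` call. `$_POST['criteriaColumnTypes'][$i]` is also assumed to be a string; a nested array there would make `htmlspecialchars()` raise a warning, so an `is_string()` guard next to the existing `isset()` is worth adding.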
    
895a131d2eb7

Escape HTML when rendering AJAX error

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 20, 2016 · via ghsa
1 file changed · +2 -2
  • js/ajax.js +2 -2 modified
    @@ -787,8 +787,8 @@ $(document).ajaxError(function (event, request, settings) {
             PMA_ajaxShowMessage(
                 '<div class="error">' +
                 PMA_messages.strErrorProcessingRequest +
    -            '<div>' + errorCode + '</div>' +
    -            '<div>' + errorText + '</div>' +
    +            '<div>' + escapeHtml(errorCode) + '</div>' +
    +            '<div>' + escapeHtml(errorText) + '</div>' +
                 '</div>',
                 false
             );
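Review bot: `PMA_messages.strErrorProcessingRequest` is still concatenated into the same markup unescaped, directly above the fixed `errorCode` and `errorText` lines. Translated strings are not guaranteed to be free of markup, so either pass it through `escapeHtml()` as well or build the message from DOM nodes with `.text()` instead of string concatenation.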
    
79661610f6f6

Escape attributes when showing images in javascript

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 20, 2016 · via ghsa
1 file changed · +4 -4
  • js/get_image.js.php +4 -4 modified
    @@ -109,15 +109,15 @@ function PMA_getImage(image, alternate, attributes) {
         }
         // set alt
         if (attributes.alt != undefined) {
    -        retval.attr('alt', attributes.alt);
    +        retval.attr('alt', escapeHtml(attributes.alt));
         } else {
    -        retval.attr('alt', alternate);
    +        retval.attr('alt', escapeHtml(alternate));
         }
         // set title
         if (attributes.title != undefined) {
    -        retval.attr('title', attributes.title);
    +        retval.attr('title', escapeHtml(attributes.title));
         } else {
    -        retval.attr('title', alternate);
    +        retval.attr('title', escapeHtml(alternate));
         }
         // set src
         var klass = image.replace('.gif', '').replace('.png', '');
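Review bot: Escaping is applied at four separate `retval.attr(...)` call sites, for `alt` and `title` only, which leaves the `src` handling that starts right below (`var klass = image.replace(...)`) and any attribute added later to be remembered by hand. If `retval` serialises its attributes into an HTML string, do the escaping once inside that serialisation step; if `attr()` sets a DOM attribute directly, `escapeHtml()` here would double-encode the text. A short comment stating which of the two applies would settle it.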
    
be3ecbb4cca3

Simplify and cleanup transformation plugins

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via ghsa
12 files changed · +41 -144
  • libraries/plugins/transformations/abs/DateFormatTransformationsPlugin.php +6 -4 modified
    @@ -11,6 +11,8 @@
     use PMA;
     use PMA\libraries\plugins\TransformationsPlugin;
     
    +require_once 'libraries/js_escape.lib.php';
    +
     /**
      * Provides common methods for all of the date format transformations plugins.
      *
    @@ -145,11 +147,11 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
                 } else {
                     $text = 'INVALID DATE TYPE';
                 }
    -            $buffer = '<dfn onclick="alert(\'' . $source . '\');" title="'
    -                . $source . '">' . $text . '</dfn>';
    +            return '<dfn onclick="alert(\'' . PMA_jsFormat($source, false) . '\');" title="'
    +                . htmlspecialchars($source) . '">' . htmlspecialchars($text) . '</dfn>';
    +        } else {
    +            return htmlspecialchars($buffer);
             }
    -
    -        return $buffer;
         }
     
         /* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
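Review bot: In the `onclick` attribute, `PMA_jsFormat($source, false)` handles the JavaScript string context, but the value also sits inside a double-quoted HTML attribute, which the browser decodes before the script runs; `title` and the element body get `htmlspecialchars()` and `onclick` does not. Wrap the JavaScript-escaped value in `htmlspecialchars()` as well, or drop the inline handler and rely on the `title` text. The added `else { return htmlspecialchars($buffer); }` could also lose the `else` now that the `if` branch returns.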
    
  • libraries/plugins/transformations/abs/DownloadTransformationsPlugin.php +1 -1 modified
    @@ -69,7 +69,7 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
                 '<a href="transformation_wrapper.php%s&amp;ct=application'
                 . '/octet-stream&amp;cn=%s" title="%s" class="disableAjax">%s</a>',
                 $options['wrapper_link'],
    -            urlencode($cn),
    +            htmlspecialchars(urlencode($cn)),
                 htmlspecialchars($cn),
                 htmlspecialchars($cn)
             );
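Review bot: `$options['wrapper_link']` fills the first `%s` inside `href="transformation_wrapper.php%s..."` without escaping, while the other three arguments are all passed through `htmlspecialchars()`. If it is always generated internally and already HTML-encoded, say so in a comment; otherwise escape it here. `htmlspecialchars(urlencode($cn))` is harmless but has no effect, since `urlencode()` output contains no HTML metacharacters.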
    
  • libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php +2 -10 modified
    @@ -49,16 +49,8 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
         {
             // must disable the page loader, see
             // https://wiki.phpmyadmin.net/pma/Page_loader#Bypassing_the_page_loader
    -        $transform_options = array(
    -            'string' => '<a class="disableAjax"'
    -                . ' target="_new" href="transformation_wrapper.php'
    -                . $options['wrapper_link'] . '" alt="[__BUFFER__]">[BLOB]</a>',
    -        );
    -
    -        return PMA_Transformation_globalHtmlReplace(
    -            $buffer,
    -            $transform_options
    -        );
    +        return '<a class="disableAjax" target="_new" href="transformation_wrapper.php'
    +            . $options['wrapper_link'] . '" alt="[' . htmlspecialchars($buffer) . ']">[BLOB]</a>';
         }
     
         /* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
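Review bot: The rendered `alt` text changes from the bare buffer to the buffer wrapped in literal brackets: previously the whole `[__BUFFER__]` placeholder was substituted, now the output is `alt="[' . htmlspecialchars($buffer) . ']"`. If that is intended, mention it in the commit message; if not, drop the brackets so only the escaping changes. `alt` is also not a meaningful attribute on `<a>`; `title` would be the usual choice.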
    
  • libraries/plugins/transformations/abs/InlineTransformationsPlugin.php +11 -19 modified
    @@ -49,30 +49,22 @@ public static function getInfo()
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
             if (PMA_IS_GD2) {
    -            $transform_options = array(
    -                'string' => '<a href="transformation_wrapper.php'
    -                    . $options['wrapper_link']
    -                    . '" target="_blank"><img src="transformation_wrapper.php'
    -                    . $options['wrapper_link'] . '&amp;resize=jpeg&amp;newWidth='
    -                    . (isset($options[0]) ? $options[0] : '100') . '&amp;newHeight='
    -                    . (isset($options[1]) ? $options[1] : 100)
    -                    . '" alt="[__BUFFER__]" border="0" /></a>',
    -            );
    +            return '<a href="transformation_wrapper.php'
    +                . $options['wrapper_link']
    +                . '" target="_blank"><img src="transformation_wrapper.php'
    +                . $options['wrapper_link'] . '&amp;resize=jpeg&amp;newWidth='
    +                . (isset($options[0]) ? $options[0] : '100') . '&amp;newHeight='
    +                . (isset($options[1]) ? $options[1] : 100)
    +                . '" alt="[' . htmlspecialchars($buffer) . ']" border="0" /></a>';
             } else {
    -            $transform_options = array(
    -                'string' => '<img src="transformation_wrapper.php'
    -                    . $options['wrapper_link']
    -                    . '" alt="[__BUFFER__]" width="320" height="240" />',
    -            );
    +            return '<img src="transformation_wrapper.php'
    +                . $options['wrapper_link']
    +                . '" alt="[' . htmlspecialchars($buffer) . ']" width="320" height="240" />';
             }
    -
    -        return PMA_Transformation_globalHtmlReplace(
    -            $buffer,
    -            $transform_options
    -        );
         }
     
     
    +
         /* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
     
         /**
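Review bot: `$options[0]` and `$options[1]` are appended to the `newWidth=` and `newHeight=` query parameters inside the `src` attribute without a cast or escaping, in both the removed and the added lines. Since they come from the transformation options, cast them with `(int)` (or escape them) before concatenation. The stray blank line added before the Getters and Setters banner can be dropped.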
    
  • libraries/plugins/transformations/abs/LongToIPv4TransformationsPlugin.php +1 -1 modified
    @@ -42,7 +42,7 @@ public static function getInfo()
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
             if ($buffer < 0 || $buffer > 4294967295) {
    -            return $buffer;
    +            return htmlspecialchars($buffer);
             }
     
             return long2ip($buffer);
    
  • libraries/plugins/transformations/abs/PreApPendTransformationsPlugin.php +1 -3 modified
    @@ -46,10 +46,8 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
             $options = $this->getOptions($options, array('', ''));
     
             //just prepend and/or append the options to the original text
    -        $newtext = htmlspecialchars($options[0]) . $buffer
    +        return htmlspecialchars($options[0]) . htmlspecialchars($buffer)
                 . htmlspecialchars($options[1]);
    -
    -        return $newtext;
         }
     
         /* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
    
  • libraries/plugins/transformations/abs/SubstringTransformationsPlugin.php +1 -1 modified
    @@ -71,7 +71,7 @@ public function applyTransformation($buffer, $options = array(), $meta = '')
                 }
             }
     
    -        return $newtext;
    +        return htmlspecialchars($newtext);
         }
     
     
    
  • libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php +6 -18 modified
    @@ -14,9 +14,6 @@
         exit;
     }
     
    -/* For PMA_Transformation_globalHtmlReplace */
    -require_once 'libraries/transformations.lib.php';
    -
     /**
      * Provides common methods for all of the image link transformations plugins.
      *
    @@ -49,21 +46,12 @@ public static function getInfo()
          */
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
    -        $transform_options = array(
    -            'string' => '<a href="' . (isset($options[0]) ? $options[0] : '')
    -                . $buffer . '" target="_blank"><img src="'
    -                . (isset($options[0]) ? $options[0] : '') . $buffer
    -                . '" border="0" width="' . (isset($options[1]) ? $options[1] : 100)
    -                . '" height="' . (isset($options[2]) ? $options[2] : 50) . '" />'
    -                . $buffer . '</a>',
    -        );
    -
    -        $buffer = PMA_Transformation_globalHtmlReplace(
    -            $buffer,
    -            $transform_options
    -        );
    -
    -        return $buffer;
    +        return '<a href="' . htmlspecialchars(isset($options[0]) ? $options[0] : '')
    +            . htmlspecialchars($buffer) . '" target="_blank"><img src="'
    +            . htmlspecialchars(isset($options[0]) ? $options[0] : '') . htmlspecialchars($buffer)
    +            . '" border="0" width="' . (isset($options[1]) ? $options[1] : 100)
    +            . '" height="' . (isset($options[2]) ? $options[2] : 50) . '" />'
    +            . htmlspecialchars($buffer) . '</a>';
         }
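Review bot: `$options[1]` and `$options[2]` go into the `width` and `height` attributes unescaped, while every other interpolated value in the new return statement is wrapped in `htmlspecialchars()`. Cast both to `(int)` so the defaults of 100 and 50 stay numeric and nothing else can reach the attribute. Computing the escaped `$options[0]` plus `$buffer` value once into a variable would also remove the repeated expression used for `href` and `src`.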
     
     
    
  • libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php +9 -18 modified
    @@ -14,9 +14,6 @@
         exit;
     }
     
    -/* For PMA_Transformation_globalHtmlReplace */
    -require_once 'libraries/transformations.lib.php';
    -
     /**
      * Provides common methods for all of the link transformations plugins.
      *
    @@ -49,25 +46,19 @@ public static function getInfo()
          */
         public function applyTransformation($buffer, $options = array(), $meta = '')
         {
    -
             $append_part = (isset($options[2]) && $options[2]) ? '' : $buffer;
     
    -        $transform_options = array(
    -            'string' => '<a href="'
    -                . (isset($options[0]) ? $options[0] : '') . $append_part
    -                . '" title="'
    -                . htmlspecialchars(isset($options[1]) ? $options[1] : '')
    -                . '" target="_new">'
    -                . htmlspecialchars(isset($options[1]) ? $options[1] : $buffer)
    -                . '</a>',
    -        );
    -
    -        return PMA_Transformation_globalHtmlReplace(
    -            $buffer,
    -            $transform_options
    -        );
    +        return '<a href="'
    +            . htmlspecialchars(isset($options[0]) ? $options[0] : '')
    +            . htmlspecialchars($append_part)
    +            . '" title="'
    +            . htmlspecialchars(isset($options[1]) ? $options[1] : '')
    +            . '" target="_new">'
    +            . htmlspecialchars(isset($options[1]) ? $options[1] : $buffer)
    +            . '</a>';
         }
     
    +
         /* ~~~~~~~~~~~~~~~~~~~~ Getters and Setters ~~~~~~~~~~~~~~~~~~~~ */
     
         /**
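Review bot: `htmlspecialchars()` on the two `href` parts stops attribute breakout but places no restriction on the URL scheme, so whatever scheme `$options[0]` or `$buffer` carries is emitted as a live link. Add a scheme allowlist before building the anchor and fall back to plain escaped text when the scheme is not on it. The blank line added before the Getters and Setters banner is unrelated whitespace and can be dropped.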
    
  • libraries/transformations.lib.php +0 -38 modified
    @@ -400,44 +400,6 @@ function PMA_setMIME($db, $table, $key, $mimetype, $transformation,
      * GLOBAL Plugin functions
      */
     
    -
    -/**
    - * Replaces "[__BUFFER__]" occurrences found in $options['string'] with the text
    - * in $buffer, after performing a regular expression search and replace on
    - * $buffer using $options['regex'] and $options['regex_replace'].
    - *
    - * @param string $buffer  text that will be replaced in $options['string'],
    - *                        after being formatted
    - * @param array  $options the options required to format $buffer
    - *     = array (
    - *         'string'        => 'string', // text containing "[__BUFFER__]"
    - *         'regex'         => 'mixed',  // the pattern to search for
    - *         'regex_replace' => 'mixed',  // string or array of strings to replace
    - *                                      // with
    - *     );
    - *
    - * @return string containing the text with all the replacements
    - */
    -function PMA_Transformation_globalHtmlReplace($buffer, $options = array())
    -{
    -    if (! isset($options['string'])) {
    -        $options['string'] = '';
    -    }
    -
    -    if (isset($options['regex']) && isset($options['regex_replace'])) {
    -        $buffer = preg_replace(
    -            '@' . str_replace('@', '\@', $options['regex']) . '@si',
    -            $options['regex_replace'],
    -            $buffer
    -        );
    -    }
    -
    -    // Replace occurrences of [__BUFFER__] with actual text
    -    $return = str_replace("[__BUFFER__]", $buffer, $options['string']);
    -    return $return;
    -}
    -
    -
     /**
      * Delete related transformation details
      * after deleting database. table or column
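Review bot: Removing `PMA_Transformation_globalHtmlReplace()` outright also removes the documented `regex` and `regex_replace` options, and any transformation plugin outside this diff that still calls the function will fail with an undefined-function error. Confirm with a tree-wide search that no caller remains, and note the removal in the changelog for maintainers of custom plugins.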
    
  • test/classes/plugin/transformations/TransformationPluginsTest.php +3 -3 modified
    @@ -780,7 +780,7 @@ public function transformationDataProvider()
                     '<a href="transformation_wrapper.phpPMA_wrapper_link" '
                     . 'target="_blank"><img src="transformation_wrapper.php'
                     . 'PMA_wrapper_link&amp;resize=jpeg&amp;newWidth=./image/&amp;'
    -                . 'newHeight=200" alt="PMA_JPEG_Inline" border="0" /></a>'
    +                . 'newHeight=200" alt="[PMA_JPEG_Inline]" border="0" /></a>'
                 ),
                 array(
                     new Image_JPEG_Link(),
    @@ -790,7 +790,7 @@ public function transformationDataProvider()
                     ),
                     '<a class="disableAjax" target="_new"'
                     . ' href="transformation_wrapper.phpPMA_wrapper_link"'
    -                . ' alt="PMA_IMAGE_LINK">[BLOB]</a>'
    +                . ' alt="[PMA_IMAGE_LINK]">[BLOB]</a>'
                 ),
                 array(
                     new Image_PNG_Inline(),
    @@ -802,7 +802,7 @@ public function transformationDataProvider()
                     . ' target="_blank"><img src="transformation_wrapper.php'
                     . 'PMA_wrapper_link&amp;'
                     . 'resize=jpeg&amp;newWidth=./image/&amp;newHeight=200" '
    -                . 'alt="PMA_PNG_Inline" border="0" /></a>'
    +                . 'alt="[PMA_PNG_Inline]" border="0" /></a>'
                 ),
                 array(
                     new Text_Plain_Dateformat(),
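Review bot: The three updated expectations only track the new bracketed `alt` text; none of the data-provider cases visible here feeds a buffer or option containing `<`, `>`, `"` or `&`, so the escaping this commit adds is not asserted anywhere in these hunks. Add at least one case per changed plugin with HTML metacharacters in `$buffer` and assert the encoded output. The existing expectation `newWidth=./image/` also shows a non-numeric option flowing straight into the URL, which is worth pinning down with a test once the option is cast.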
    
  • test/libraries/PMA_transformation_test.php +0 -28 modified
    @@ -208,34 +208,6 @@ public function testGetMime()
             );
         }
     
    -    /**
    -     * Test for PMA_Transformation_globalHtmlReplace
    -     *
    -     * @return void
    -     */
    -    public function testTransformationGlobalHtmlReplace()
    -    {
    -        // Case 1
    -        $actual = PMA_Transformation_globalHtmlReplace('', array());
    -        $this->assertEquals(
    -            '',
    -            $actual
    -        );
    -
    -        // Case 2
    -        $buffer = 'foobar';
    -        $options = array(
    -            'regex' => 'foo',
    -            'regex_replace' => 'bar',
    -            'string' => 'x[__BUFFER__]x'
    -        );
    -        $actual = PMA_Transformation_globalHtmlReplace($buffer, $options);
    -        $this->assertEquals(
    -            'xbarbarx',
    -            $actual
    -        );
    -    }
    -
         /**
          * Test for PMA_clearTransformations
          *
    
d648ade18d6c

Escape binary log name

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via ghsa
1 file changed · +3 -3
  • templates/server/binlog/log_selector.phtml +3 -3 modified
    @@ -7,8 +7,8 @@
             <?php $full_size = 0; ?>
             <select name="log">
                 <?php foreach ($binary_logs as $each_log): ?>
    -                <option value="<?= $each_log['Log_name']; ?>"<?= ($each_log['Log_name'] == $_REQUEST['log'] ? ' selected="selected"' : ''); ?>>
    -                    <?= $each_log['Log_name']; ?>
    +                <option value="<?= htmlspecialchars($each_log['Log_name']); ?>"<?= ($each_log['Log_name'] == $_REQUEST['log'] ? ' selected="selected"' : ''); ?>>
    +                    <?= htmlspecialchars($each_log['Log_name']); ?>
                         <?php if (isset($each_log['File_size'])): ?>
                             (<?= implode(' ', \PMA\libraries\Util::formatByteDown($each_log['File_size'], 3, 2)); ?>)
                             <?php $full_size += $each_log['File_size']; ?>
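Review bot: `$_REQUEST['log']` is read in the `selected` comparison on the changed `<option>` line without an `isset()` check, so a page load with no `log` parameter raises an undefined-index notice for every option. Guard it, and compute `htmlspecialchars($each_log['Log_name'])` once per iteration instead of twice.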
    @@ -24,4 +24,4 @@
         <fieldset class="tblFooters">
             <input type="submit" value="<?= __('Go'); ?>" />
         </fieldset>
    -</form>
    \ No newline at end of file
    +</form>
    
8716855b309d

Properly escape translated string

https://github.com/phpmyadmin/phpmyadmin · Michal Čihař · Jun 17, 2016 · via ghsa
1 file changed · +2 -2
  • templates/server/databases/table_row.phtml +2 -2 modified
    @@ -58,8 +58,8 @@
         <td class="tool">
             <a onclick="PMA_commonActions.setDb('<?= PMA_jsFormat($current['SCHEMA_NAME']) ?>');"
                href="server_privileges.php<?= $url_query; ?>&amp;db=<?= urlencode($current['SCHEMA_NAME']); ?>&amp;checkprivsdb=<?= urlencode($current['SCHEMA_NAME']); ?>"
    -           title="<?= sprintf(__('Check privileges for database "%s".'), htmlspecialchars($current['SCHEMA_NAME'])); ?>">
    +           title="<?= htmlspecialchars(sprintf(__('Check privileges for database "%s".'), $current['SCHEMA_NAME'])); ?>">
                <?= \PMA\libraries\Util::getIcon('s_rights.png', __('Check privileges')); ?>
             </a>
         </td>
    -</tr>
    \ No newline at end of file
    +</tr>
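Review bot: `$url_query` in the `href` just above the changed `title` line is still echoed raw, and `PMA_jsFormat($current['SCHEMA_NAME'])` in `onclick` is JavaScript-escaped but not HTML-attribute-escaped. Both sit in the same `<a>` tag as the fix and deserve the same check. A brief comment on the `title` line explaining that the translated message itself contains double quotes would keep a later cleanup from moving `htmlspecialchars()` back inside `sprintf()`.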
    
