phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB.
Affected versions of this package are vulnerable to SQL Injection via the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server.
phpmyadmin/phpmyadmin to version 4.9.4, 5.0.1 or higher.