phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB.
Affected versions of this package are vulnerable to SQL Injection in retrieval of the current username (in
libraries/classes/UserPassword.php). A malicious user with access to the server could create a crafted username, and then trick the victim into performing specific actions with that user account (such as editing its privileges).
phpmyadmin/phpmyadmin to version 4.9.5, 5.0.2 or higher.