Severity Level: Medium
Title:
Multiple Vulnerabilities in phpMyAdmin
Summary:
phpMyAdmin, a widely used web-based tool for managing MySQL and MariaDB databases, has
released version 5.2.2, which addresses three security issues: two cross-site scripting (XSS)
vulnerabilities in the phpMyAdmin interface and a vulnerability in the glibc iconv library
(CVE-2024-2961) that PHP applications such as phpMyAdmin can be exposed to.
Vulnerability Details:
• CVE-2025-24530 (XSS in "Check tables")
  o An attacker who can create or rename a table with a specially crafted name can inject
    script into the "Check tables" page, which then executes in the browser of any
    phpMyAdmin user who runs "Check tables" on that table.
• CVE-2025-24529 (XSS in "Insert")
  o Crafted input handled by the "Insert" tab can likewise inject script that executes in the
    browser of a user working in that tab.
• CVE-2024-2961 (glibc iconv library vulnerability)
  o The iconv() function in glibc can overflow its output buffer when converting strings to the
    ISO-2022-CN-EXT character set. PHP can reach this code path through its iconv functions,
    so under specific circumstances the bug could be abused for arbitrary code execution on
    the host running phpMyAdmin. The root cause is in glibc, not in phpMyAdmin itself.
Successful exploitation of the XSS issues could allow attackers to run script in the browser of
an authenticated phpMyAdmin user, potentially leading to unauthorized actions performed with that
user's database privileges, session hijacking, data theft, and compromise of user accounts and
sensitive information. Note that the "Check tables" issue requires an attacker who can already
place a crafted table name in the database and a victim who opens the affected page on it.
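Because the "Check tables" XSS rides on a crafted table name, a cheap check before and after the upgrade is to list every table name on the server and flag the ones carrying HTML or script metacharacters. The following is an added example (it is not phpMyAdmin code and not from the original advisory): the SQL query and the regular expression are this example's own, and the sample rows are constructed to show the detector working.

```python
"""Hunt for table names that could carry the CVE-2025-24530 payload.

Added example, not phpMyAdmin code. On a real server, run INFORMATION_SCHEMA_QUERY
with your usual MySQL client and feed the resulting rows to find_suspicious_tables().
The SAMPLE_ROWS below are constructed for this example.
"""
import re

# Lists every user table; the built-in schemas are skipped.
INFORMATION_SCHEMA_QUERY = """
SELECT table_schema, table_name
FROM information_schema.tables
WHERE table_schema NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
"""

# Building blocks of an HTML/JS injection that have no business in a table name:
# tag delimiters, attribute quotes, the entity prefix, inline event handlers
# (onerror=, onmouseover=) and javascript: URLs. MySQL allows all of these in a
# backtick-quoted identifier, which is what makes the crafted-name attack possible.
_SUSPICIOUS = re.compile(r"""[<>"'&]|\bon[a-z]+\s*=|javascript:""", re.IGNORECASE)


def is_suspicious(table_name: str) -> bool:
    """True when the name contains markup metacharacters or script fragments."""
    return _SUSPICIOUS.search(table_name) is not None


def find_suspicious_tables(rows):
    """Return the (schema, table) pairs whose table name looks like an injection attempt.

    rows: iterable of (table_schema, table_name) tuples, e.g. the query result above.
    A plain apostrophe (o'reilly) is flagged as well; review those by hand rather than
    loosening the pattern, because a quote is exactly what breaks out of an attribute.
    """
    return [(schema, name) for schema, name in rows if is_suspicious(name)]


# Constructed sample rows: two benign names, one classic img/onerror payload smuggled
# into a table name, and one that only carries an inline event handler.
SAMPLE_ROWS = [
    ("shop", "orders"),
    ("shop", "customers_2024"),
    ("shop", "x<img src=x onerror=alert(document.cookie)>"),
    ("blog", "posts onmouseover=alert(1)"),
]

if __name__ == "__main__":
    for schema, name in find_suspicious_tables(SAMPLE_ROWS):
        print(f"REVIEW: `{schema}`.`{name}`")
```

Any hit is worth reviewing regardless of the phpMyAdmin version in use: a crafted name that is already present keeps its payload until it is renamed, and dropping or renaming it should be done from a client that does not render the name as HTML.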
Affected Versions:
• phpMyAdmin versions 5.x prior to 5.2.2
Fixed Versions:
• phpMyAdmin 5.2.2 or later.
Recommendations:
We recommend upgrading affected installations to phpMyAdmin 5.2.2 or later as soon as
possible. Because CVE-2024-2961 is a glibc bug, also apply your distribution's glibc security
update on every host that runs PHP. Verify the phpMyAdmin version that is actually deployed,
since copies bundled by a distribution package or container image may lag behind the upstream
release.
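To make the version check above repeatable across many hosts, here is an added example (not part of the advisory and not phpMyAdmin code) that encodes the advisory's affected range (5.x before 5.2.2) and fixed version (5.2.2) and classifies a version string accordingly. It also pulls the version out of a source tree; the file location `libraries/classes/Version.php` and the shape of its `VERSION = '...'` constant are assumptions about the 5.x layout, so confirm them against your install.

```python
"""Triage a phpMyAdmin version against the 5.2.2 advisory.

Added example, not phpMyAdmin code. The affected range (5.x before 5.2.2) and the
fixed version come from the advisory; the Version.php location and constant name
are assumptions about the 5.x source layout.
"""
import re
from pathlib import Path
from typing import Optional

FIXED_VERSION = "5.2.2"
ADVISORY_CVES = ("CVE-2025-24530", "CVE-2025-24529", "CVE-2024-2961")

_CORE_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?P<suffix>[-+].*)?$")
# Assumed shape of the constant in libraries/classes/Version.php.
_PHP_CONST_RE = re.compile(r"""VERSION\s*=\s*['"]([^'"]+)['"]""")


def parse_version(text: str):
    """'5.2.1' -> (5, 2, 1, 1); '5.2.2-dev' -> (5, 2, 2, 0).

    The last element orders pre-release snapshots (-dev, -rc1, +snapshot) before the
    corresponding release: a 5.2.2-dev checkout was cut before 5.2.2 shipped, so it
    must not be reported as fixed.
    """
    m = _CORE_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised phpMyAdmin version: {text!r}")
    major, minor, patch = int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)
    is_release = 1 if m.group("suffix") is None else 0
    return (major, minor, patch, is_release)


def status(version: str) -> str:
    """'affected', 'fixed' or 'out_of_scope' for the advisory's 5.x range."""
    v = parse_version(version)
    if v[0] != 5:
        return "out_of_scope"  # the advisory only scopes the 5.x series
    return "affected" if v < parse_version(FIXED_VERSION) else "fixed"


def version_from_php_source(php_text: str) -> Optional[str]:
    """Extract the VERSION constant from the text of Version.php, or None if absent."""
    m = _PHP_CONST_RE.search(php_text)
    return m.group(1) if m else None


def triage_install(root: Path) -> dict:
    """Read the version from an install root (assumed 5.x layout) and classify it."""
    version_php = root / "libraries" / "classes" / "Version.php"
    version = version_from_php_source(version_php.read_text(encoding="utf-8"))
    if version is None:
        raise RuntimeError(f"no VERSION constant found in {version_php}")
    result = status(version)
    return {
        "version": version,
        "status": result,
        "cves": ADVISORY_CVES if result == "affected" else (),
    }


# Constructed stand-in for the relevant lines of Version.php (not a real file).
SAMPLE_VERSION_PHP = (
    "<?php\n"
    "final class Version\n"
    "{\n"
    "    public const VERSION = '5.2.1';\n"
    "}\n"
)

if __name__ == "__main__":
    found = version_from_php_source(SAMPLE_VERSION_PHP)
    print(found, status(found))
```

Run `triage_install(Path("/usr/share/phpmyadmin"))` (or wherever the web root points) on each host; a result of `affected` lists the three CVEs that the upgrade closes, while `out_of_scope` means the install is outside the 5.x range this advisory covers and needs its own assessment.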
References:
• phpMyAdmin 5.2.2 release announcement and the project's security announcements for
  CVE-2025-24530, CVE-2025-24529 and CVE-2024-2961