Description
Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin before 2.11.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via crafted setup arguments. NOTE: this issue can only be exploited in limited scenarios in which the attacker must be able to modify config/config.inc.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin BuddyPress Cover Arbitrary File Upload (2.1.4.2)
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2022-0813)
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-3436)
Apache read beyond bounds via ap_rwrite() Vulnerability (CVE-2022-28614)