Description
An issue was discovered in phpMyAdmin. In the user interface preference feature, a user can execute an SQL injection attack against the account of the control user. All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Users Ultra Membership Cross-Site Scripting (1.5.78)
WordPress Plugin WP Ultimate Email Marketer Multiple Vulnerabilities (1.1.0)
WordPress Plugin Remove Schema Cross-Site Request Forgery (1.4)
WordPress Plugin WP Statistics SQL Injection (9.4)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-10680)