A vulnerability in the Designer feature of phpMyAdmin could allow an unauthenticated, remote attacker to conduct an SQL injection attack on a targeted system.
The vulnerability is due to insufficient validation of username requests by the Designer feature of the affected software. An attacker could exploit this vulnerability by sending a request that submits a malicious username to the affected application. An exploit could allow the attacker to conduct an SQL injection attack, which the attacker could use to access or modify sensitive information, or cause a denial of service (DoS) condition by deleting sensitive information from the backend database.
phpMyAdmin has confirmed the vulnerability and released software updates.