Hi There is no vulnerability in this - user needs to be logged in. You can do same (without messing SQL injection) by directly passing SQL statements to import.php or sql.php. Yes phpMyAdmin allows to execute queries to authenticated users, but it's main task of this program and can not be considered as vulnerability. Michal