SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows remote attackers to execute arbitrary SQL commands via the sql_query parameter. This vulnerbability may affect earlier versions of phpMyAdmin as well.