phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.

Reference:
https://github.com/phpmyadmin/phpmyadmin/issues/16056