CVE-2014-1879

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 4.1.7

Description The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action. This can be done through the import.php file.

Recommendations For versions prior to 4.1.7, update to version 4.1.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the import.php file to minimize the risk of exploitation. Avoid using crafted filenames in import actions until the issue is resolved.