PT-2014-6385 · Phpmyadmin+1 · Phpmyadmin+1
Marc Delisle
·
Publicado
2014-08-21
·
Atualizado
2024-06-15
·
CVE-2014-5273
CVSS v2.0
3.5
Baixa
| Vetor | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 4.0.x through 4.0.10.1
phpMyAdmin versions 4.1.x through 4.1.14.2
phpMyAdmin versions 4.2.x through 4.2.7.0
Description
The issue allows remote authenticated users to inject arbitrary web script or HTML via several pages, including the browse table page related to js/sql.js, the ENUM editor page related to js/functions.js, the monitor page related to js/server status monitor.js, the query charts page related to js/tbl chart.js, or the table relations page related to libraries/tbl relation.lib.php.
Recommendations
For phpMyAdmin versions 4.0.x through 4.0.10.1, update to version 4.0.10.2 or later.
For phpMyAdmin versions 4.1.x through 4.1.14.2, update to version 4.1.14.3 or later.
For phpMyAdmin versions 4.2.x through 4.2.7.0, update to version 4.2.7.1 or later.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Phpmyadmin