CVE-2014-4348

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 4.2.x before 4.2.4

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via crafted database or table names that are not properly handled. The improper handling occurs after the presence of these names in either the favorite list or recent tables.

Recommendations For phpMyAdmin versions 4.2.x before 4.2.4, update to version 4.2.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the favorite list and recent tables features until a patch is applied. Avoid using crafted database or table names to minimize the risk of exploitation.