CVE-2014-8958

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 4.0.x through 4.0.10.5 phpMyAdmin versions 4.1.x through 4.1.14.6 phpMyAdmin versions 4.2.x through 4.2.12

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via various crafted inputs that are improperly handled during rendering of certain pages. This includes a crafted database, table, or column name during rendering of the table browse page, a crafted ENUM value during rendering of the table print view or zoom search page, or a crafted pma fontsize cookie during rendering of the home page.

Recommendations For phpMyAdmin versions 4.0.x through 4.0.10.5, update to version 4.0.10.6 or later. For phpMyAdmin versions 4.1.x through 4.1.14.6, update to version 4.1.14.7 or later. For phpMyAdmin versions 4.2.x through 4.2.12, update to a version later than 4.2.12.