FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- multiple XSS vulnerabilities, missing validation

Affected packages
4.2.0 <= phpMyAdmin < 4.2.6

Details

VuXML ID 3f09ca29-0e48-11e4-b17a-6805ca0b3d42
Discovery 2014-07-18
Entry 2014-07-18
Modified 2014-07-20

The phpMyAdmin development team reports:

Self-XSS due to unescaped HTML output in database structure page.

With a crafted table comment, it is possible to trigger an XSS in database structure page.

[source]

Self-XSS due to unescaped HTML output in database triggers page.

When navigating into the database triggers page, it is possible to trigger an XSS with a crafted trigger name.

[source]

Multiple XSS in AJAX confirmation messages.

With a crafted column name it is possible to trigger an XSS when dropping the column in table structure page. With a crafted table name it is possible to trigger an XSS when dropping or truncating the table in table operations page.

[source]

Access for an unprivileged user to MySQL user list.

An unpriviledged user could view the MySQL user list and manipulate the tabs displayed in phpMyAdmin for them.

[source]

References

CVE Name CVE-2014-4954
CVE Name CVE-2014-4955
CVE Name CVE-2014-4986
CVE Name CVE-2014-4987
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.