Branch t7 update bulletin.

Package phpMyAdmin updated to version 4.2.8.1-alt1 for branch t7 in task 130548.

Published: 2014-11-08
Modified: 2024-11-21

CVE-2014-6300

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Severity: MEDIUM (4.3)

References:

openSUSE-SU-2014:1150
openSUSE-SU-2014:1150
http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
69790
69790
https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
GLSA-201505-03
GLSA-201505-03

Version: 2.1.0

Branch t7 update on 2014-09-18

ALT-BU-2014-2988-1

ALT-PU-2014-2150-1

Closed vulnerabilities

CVE-2014-6300