All errata/sisyphus/ALT-PU-2014-2227-2
ALT-PU-2014-2227-2

Package update phpMyAdmin in branch sisyphus

Version4.2.9.1-alt1
Task#131352
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (6)

CVE-2014-7217
LOW3.5

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted ENUM value that is improperly handled during rendering of the (1) table search or (2) table structure page, related to libraries/TableSearch.class.php and libraries/Util.class.php.

Published: 2014-10-03Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
CVE-2014-8326
LOW3.5

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.5, 4.1.x before 4.1.14.6, and 4.2.x before 4.2.10.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) database name or (2) table name, related to the libraries/DatabaseInterface.class.php code for SQL debug output and the js/server_status_monitor.js code for the server monitor page.

Published: 2014-11-05Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
CVE-2014-8959
MEDIUM6.5

Directory traversal vulnerability in libraries/gis/GIS_Factory.class.php in the GIS editor in phpMyAdmin 4.0.x before 4.0.10.6, 4.1.x before 4.1.14.7, and 4.2.x before 4.2.12 allows remote authenticated users to include and execute arbitrary local files via a crafted geometry-type parameter.

Published: 2014-11-30Modified: 2025-04-12
CVSS 2.0MEDIUM 6.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:P
References
CVE-2014-8960
LOW3.5

Cross-site scripting (XSS) vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

Published: 2014-11-30Modified: 2025-04-12
CVSS 2.0LOW 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
References
GHSA-pvr5-84gr-g985
NONE

phpMyAdmin Implementation XSS Vulnerability on Server Monitor Page

Published: 2022-05-14Modified: 2023-08-16
References
GHSA-wv8g-fx9j-q2jg
NONE

phpMyAdmin cross-site scripting Vulnerability via ENUM value

Published: 2022-05-17Modified: 2023-08-17
References