phpMyAdmin View Name Cross-Site Scripting Vulnerability
Release date:
Updated on:
Affected Systems:
phpMyAdmin 4.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 69269
CVE (CAN) ID: CVE-2014-5274
phpMyAdmin is a web-based management tool for MySQL databases. Its main functions include creating tables, running SQL statements, searching and querying data, and importing and exporting data.
phpMyAdmin versions earlier than 4.1.14.3 and versions earlier than 4.2.7.1 contain multiple cross-site scripting vulnerabilities. Authenticated remote users can inject arbitrary web script or HTML through crafted view names.
<* Source: vendor
Link: http://secunia.com/advisories/60746/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
phpMyAdmin
----------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f
http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
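To decide which installations need the vendor patch, the following added example (not part of the original advisory or the vendor's code) classifies phpMyAdmin version strings against the fixed releases named above. It assumes each fixed release applies to its own branch (4.1.x and 4.2.x) and reports other branches as unlisted; the host names and version strings in the sample inventory are constructed.

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) branch.
# Assumption: each fix applies to its own branch (4.1.x and 4.2.x).
FIXED = {(4, 1): (4, 1, 14, 3), (4, 2): (4, 2, 7, 1)}


def parse_version(text):
    """Leading dotted-numeric part as a tuple: '4.2.7.1deb1' -> (4, 2, 7, 1)."""
    match = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def triage(version_text):
    """Classify one version string as 'vulnerable', 'patched' or 'unlisted'."""
    version = parse_version(version_text)
    version += (0,) * (4 - len(version))  # pad so 4.2.7 compares as 4.2.7.0
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "unlisted"  # the advisory names no fixed release for this branch
    return "vulnerable" if version < fixed else "patched"


def report(inventory):
    """Map each host to its status; unparsable versions are flagged for review."""
    result = {}
    for host, version_text in inventory.items():
        try:
            result[host] = triage(version_text)
        except ValueError:
            result[host] = "unparsed"
    return result


# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "dbadmin-01.example.internal": "4.1.14.2",
    "dbadmin-02.example.internal": "4.2.7.1deb1",
    "dbadmin-03.example.internal": "4.2.7-rc1",
    "dbadmin-04.example.internal": "4.0.10",
    "dbadmin-05.example.internal": "unknown",
}

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{host}: {status}")
```

Hosts reported as unlisted or unparsed need a manual check against the vendor advisory linked above.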