Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR

phpMyAdmin micro history Implementation XSS Vulnerability

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Permalink: https://github.com/advisories/GHSA-6wfj-2mw7-p5cg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 9 months ago

Identifiers: GHSA-6wfj-2mw7-p5cg, CVE-2014-6300
References:

Repository: https://github.com/phpmyadmin/phpmyadmin
Blast Radius: 0.0

Affected Packages

packagist:phpmyadmin/phpmyadmin

Dependent packages: 4
Dependent repositories: 15
Downloads: 297,418 total
Affected Version Ranges: >= 4.2.0, < 4.2.8.1, >= 4.1.0, < 4.1.14.4, >= 4.0.0, < 4.0.10.3
Fixed in: 4.2.8.1, 4.1.14.4, 4.0.10.3
All affected versions: 4.0.0, 4.0.1-0.1, 4.0.1-0.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1
All unaffected versions: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10