Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR
phpMyAdmin micro history Implementation XSS Vulnerability
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Permalink: https://github.com/advisories/GHSA-6wfj-2mw7-p5cg
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02d2ZqLTJtdzctcDVjZ84AAVFR
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: over 1 year ago
EPSS Percentage: 0.00225
EPSS Percentile: 0.60831
Identifiers: GHSA-6wfj-2mw7-p5cg, CVE-2014-6300
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-6300
- https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
- https://security.gentoo.org/glsa/201505-03
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
- https://web.archive.org/web/20200228081340/http://www.securityfocus.com/bid/69790
- https://github.com/advisories/GHSA-6wfj-2mw7-p5cg
Blast Radius: 0.0
Affected Packages
packagist:phpmyadmin/phpmyadmin
Dependent packages: 4
Dependent repositories: 15
Downloads: 324,333 total
Affected Version Ranges: >= 4.2.0, < 4.2.8.1, >= 4.1.0, < 4.1.14.4, >= 4.0.0, < 4.0.10.3
Fixed in: 4.2.8.1, 4.1.14.4, 4.0.10.3
All affected versions: 4.0.0, 4.0.1-0.1, 4.0.1-0.2, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.0, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1
All unaffected versions: 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10