CVE-2014-6300
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://security.gentoo.org/glsa/201505-03
- https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html
- http://www.securityfocus.com/bid/69790
References
- https://security.gentoo.org/glsa/201505-03
- https://github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
- http://lists.opensuse.org/opensuse-updates/2014-09/msg00032.html
- http://www.securityfocus.com/bid/69790
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.