PMASA-2014-18

Announcement-ID: PMASA-2014-18

Date: 2014-12-03

Summary

XSS vulnerability in redirection mechanism.

Description

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

Severity

We consider this vulnerability to be non critical.

Affected Versions

Versions 4.2.x (prior to 4.2.13.1) are affected.

Solution

Upgrade to phpMyAdmin 4.2.13.1 or newer, or apply the patch listed below.

References

Thanks to Manuel Fernandez of ElevenPaths for reporting this vulnerability.

Assigned CVE ids: CVE-2014-9219

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements