Announcement-ID: PMASA-2018-5
Date: 2018-08-21
XSS in the import dialog
A Cross-Site Scripting vulnerability was found in the file import feature, where an attacker can deliver a payload to a user through importing a specially-crafted file.
We consider this attack to be of moderate severity.
phpMyAdmin versions prior to 4.8.3
Upgrade to phpMyAdmin 4.8.3 or newer or apply patch listed below.
Assigned CVE ids: CVE-2018-15605
CWE ids: CWE-661
The following commits have been made on the 4.8 branch to fix this issue:
For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.