phpMyAdmin: multiple vulnerabilities [LWN.net]

Package(s):

phpMyAdmin

CVE #(s):

CVE-2013-5029

Created:

August 14, 2013

Updated:

August 14, 2013

Description:

From the openSUSE bug reports [1, 2]:

"XSS due to unescaped HTML Output when executing a SQL query."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-8.php
"5 XSS vulnerabilities in setup, chart display, process list, and logo link."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-9.php
"If a crafted version.json would be presented, an XSS could be introduced."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-11.php
"Full path disclosure vulnerabilities."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-12.php
"XSS vulnerability when a text to link transformation is used."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-13.php
"Self-XSS due to unescaped HTML output in schema export."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-14.php
"SQL injection vulnerabilities, producing a privilege escalation (control user)."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-15.php

"phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed."
http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php

Alerts:

openSUSE

2013-08-14

(Log in to post comments)