|
|
Subscribe / Log in / New account

phpmyadmin: multiple vulnerabilities

Package(s):phpmyadmin CVE #(s):CVE-2013-4997 CVE-2013-4999 CVE-2013-5001
Created:November 4, 2013 Updated:July 30, 2014
Description: From the CVE entries:

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in (1) an anchor identifier to setup/index.php or (2) a chartTitle (aka chart title) value. (CVE-2013-4997)

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and Error_Handler.class.php. (CVE-2013-4999)

Cross-site scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a TextLinkTransformationPlugin link. (CVE-2013-5001)

Alerts:
Fedora FEDORA-2014-8577 phpMyAdmin 2014-07-30
Fedora FEDORA-2014-8581 phpMyAdmin 2014-07-30
Gentoo 201311-02 phpmyadmin 2013-11-04
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds