Versions of phpMyAdmin earlier than 4.0.10.3, 4.1.14.4, or 4.2.8.1 are unpatched for a DOM-based cross-site scripting vulnerability in the micro-history feature that could be leveraged for cross-site request forgery. That is, by deceiving a logged-in user into clicking a crafted URL, an attacker could perform remote code execution and, in some cases, create a root account via the user's account.
Vendor | Product | Version | CPE |
---|---|---|---|
phpmyadmin | phpmyadmin | | cpe:/a:phpmyadmin:phpmyadmin |