Lucene search
GoogleOSV:DSA-2975-1HistoryJul 09, 2014 - 12:00 a.m.
phpmyadmin - security update
2014-07-0900:00:00
Google
osv.dev
12
0.002 Low
EPSS
Percentile
60.2%
Several vulnerabilities have been discovered in phpMyAdmin, a tool to
administer MySQL over the web. The Common Vulnerabilities and Exposures
project identifies the following problems:
- CVE-2013-4995
Authenticated users could inject arbitrary web script or HTML
via a crafted SQL query. - CVE-2013-4996
Cross site scripting was possible via a crafted logo URL in
the navigation panel or a crafted entry in the Trusted Proxies list. - CVE-2013-5002
Authenticated users could inject arbitrary web script or HTML
via a crafted pageNumber value in Schema Export. - CVE-2013-5003
Authenticated users could execute arbitrary SQL commands as
the phpMyAdmin control user via the scale parameter PMD PDF
export and the pdf_page_number parameter in Schema Export. - CVE-2014-1879
Authenticated users could inject arbitrary web script or HTML
via a crafted file name in the Import function.
For the stable distribution (wheezy), these problems have been fixed in
version 4:3.4.11.1-2+deb7u1.
For the unstable distribution (sid), these problems have been fixed in
version 4:4.2.5-1.
We recommend that you upgrade your phpmyadmin packages.
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin | eq | 4:3.4.11.1-2 |
References
Related
openvas
openvas
Debian: Security Advisory (DSA-2975-1)
2014-07-08 00:00:00
Debian Security Advisory DSA 2975-1 (phpmyadmin - security update)
2014-07-09 00:00:00
Debian: Security Advisory (DLA-0014-1)
2023-03-08 00:00:00
nessus
nessus
Debian DSA-2975-1 : phpmyadmin - security update
2014-07-10 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:203)
2013-07-31 00:00:00
phpMyAdmin 3.5.x < 3.5.8.2 / 4.0.x < 4.0.4.2 Multiple Vulnerabilities
2014-03-05 00:00:00
debian
debian
[SECURITY] [DSA 2975-1] phpmyadmin security update
2014-07-09 18:45:33
phpmyadmin security update
2014-07-09 19:24:50
phpmyadmin security update
2014-07-09 19:24:32
securityvulns
securityvulns
[ MDVSA-2013:203 ] phpmyadmin
2013-09-09 00:00:00
[ MDVSA-2014:046 ] phpmyadmin
2014-05-05 00:00:00
osv
osv
phpmyadmin - security update
2014-07-09 00:00:00
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
2022-05-17 03:12:55
mageia
mageia
Updated phpmyadmin packages fix security vulnerabilities
2013-07-29 18:06:10
Updated phpseclib and phpmyadmin packages fix security vulnerability
2014-02-26 01:49:46
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2013-11-04 00:00:00
nvd
nvd
ubuntucve
ubuntucve
phpmyadmin
phpmyadmin
If a crafted version.json would be presented, an XSS could be introduced.
2013-07-28 00:00:00
XSS due to unescaped HTML Output when executing a SQL query.
2013-07-28 00:00:00
cvelist
cvelist
prion
prion
Cross site scripting
2013-07-31 13:20:00
Sql injection
2013-07-31 13:20:00
Cross site scripting
2013-07-31 13:20:00
debiancve
debiancve
cve
cve
seebug
seebug
phpMyAdmin 'import.php'跨站脚本漏洞
2014-02-24 00:00:00
github
github
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
2022-05-17 03:12:55
freebsd
freebsd
phpMyAdmin -- Self-XSS due to unescaped HTML output in import.
2014-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: phpMyAdmin-4.2.6-1.fc19
2014-07-30 07:02:40
[SECURITY] Fedora 20 Update: phpMyAdmin-4.2.6-1.fc20
2014-07-30 07:01:17