Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:203)

Multiple vulnerabilities has been discovered and corrected in phpmyadmin : - XSS due to unescaped HTML Output when executing a SQL query CVE-2013-4995. - 5 XSS vulnerabilities in setup, chart display, process list, and logo link. If a crafted version.json would be presented, an XSS could be...

CVE-2013-4997

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving a JavaScript event in 1 an anchor identifier to setup/index.php or 2 a chartTitle aka chart title value...

CVE-2013-5001

CVE-2013-5001 affects phpMyAdmin 4.0.x before 4.0.4.2. The issue is a Cross-site Scripting (XSS) vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php that enables remote authenticated users to inject arbitrary web script or HTML via a crafted object ...

CVE-2013-4998

phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to pmdcommon.php and other files...

CVE-2013-4999

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and ErrorHandler.class.php...

CVE-2013-4995

Cross-site scripting XSS vulnerability in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SQL query that is not properly handled during the display of row information...

CVE-2013-4999

CVE-2013-4999 affects phpMyAdmin 4.0.x prior to 4.0.4.2. An invalid request can disclose the installation path in an error message via Error.class.php/Error_Handler.class.php, enabling information disclosure with network access. The vulnerability has a partial confidentiality impact (as per the N...

CVE-2013-4996

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...

CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

CVE-2013-5001

Cross-site scripting XSS vulnerability in libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php in phpMyAdmin 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted object name associated with a...

CVE-2013-4999

phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to Error.class.php and ErrorHandler.class.php...

CVE-2013-5002

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVE-2013-5002

Cross-site scripting XSS vulnerability in libraries/schema/ExportRelationSchema.class.php in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted pageNumber value to schemaexport.php...

CVE-2013-5003

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via 1 the scale parameter to pmdpdf.php or 2 the pdfpagenumber parameter to schemaexport.php...

CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...

CVE-2013-4995

CVE-2013-4995 affects phpMyAdmin 3.5.x (<3.5.8.2) and 4.0.x (

CVE-2013-5000

CVE-2013-5000 affects phpMyAdmin 3.5.x before 3.5.8.2. The issue is information disclosure via an invalid request that reveals the installation path in an error message, related to config.default.php and other files. The vulnerability allows partial disclosure of sensitive paths when exploited. A...

CVE-2013-4996

phpMyAdmin 3.5.x (before 3.5.8.2) and 4.0.x (before 4.0.4.2) are affected by CVE-2013-4995 and CVE-2013-4996, which enable remote XSS via crafted database name, user name, navigation logo URL, entries in the proxy list, or content in version.json. The vulnerability arises from input vectors that ...

CVE-2013-4996

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving 1 a crafted database name, 2 a crafted user name, 3 a crafted logo URL in the navigation panel, 4 a...

CVE-2013-5000

phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the installation path in an error message, related to config.default.php and other files...