PMASA-2014-18

Announcement-ID: PMASA-2014-18

Date: 2014-12-03

Summary

XSS vulnerability in redirection mechanism.

Description

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

Severity

We consider this vulnerability to be non-critical.

Affected Versions

Versions 4.2.x (prior to 4.2.13.1) are affected.

Solution

Upgrade to phpMyAdmin 4.2.13.1 or newer, or apply the patch listed below.

References

Thanks to Manuel Fernandez of ElevenPaths for reporting this vulnerability.

Assigned CVE ids: CVE-2014-9219

CWE ids: CWE-661 CWE-79

Patches

The following commits have been made to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.