DSA-2975-1 phpmyadmin -- phpmyadminID: oval:org.secpod.oval:def:601714 | Date: (C)2014-07-28 (M)2022-10-10 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in phpMyAdmin, a tool to administer MySQL over the web. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-4995 Authenticatd users could inject arbitrary web script or HTML via a crafted SQL query. CVE-2013-4996 Cross site scripting was possible via a crafted logo URL in the navigation panel or a crafted entry in the Trusted Proxy list. CVE-2013-5002 Authenticated users could inject arbitrary web script or HTML via a crafted pageNumber value in Schema Export. CVE-2013-5003 Authenticated users could execute arbitrary SQL commands as the phpMyAdmin "control user" via the scale parameter PMD PDF export and the pdf_page_number parameter in Schema Export. CVE-2014-1879 Authenticated users could inject arbitrary web script or HTML via a crafted file name in the Import function.