[Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
Not sure how this affects cPanel (security-wise), but figured it would be worth mentioning, as I know cPanel packages phpMyAdmin with cPanel and I had to manually edit to make this change.
How does this affect shared servers?
[url=http://www.phpmyadmin.net/home_page/security/PMASA-2014-1.php]phpMyAdmin - Security - PMASA-2014-1[/url]
[url=http://cxsecurity.com/issue/WLB-2014020190]phpMyAdmin 4.1.6 Cross-site scripting (XSS) - CXSecurity.com[/url]
re: [Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7
Hello :) An internal case is open for the implementation of a newer version of phpMyAdmin. For reference, the case number is 82797. I have added a note to this case referencing this thread and CVE-2014-1879. Thank you.
How does one follow or get notifications of a case?
You can monitor the change log for that case number via: cPanel - Change Log
Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non-critical. Thank you.
[quote="cPanelMichael, post: 1582461"]You can monitor the change log for that case number via: cPanel - Change Log
Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non-critical. Thank you.[/quote]
Yes I saw that, but that's the reason I asked how does this affect shared servers. Because if that means they can inject code that would be executed as a different user, or even root (yikes!), then I consider it critical, if it's only executed as the user then there's no worries