GHSA-6wfj-2mw7-p5cg

Source

https://github.com/advisories/GHSA-6wfj-2mw7-p5cg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6wfj-2mw7-p5cg/GHSA-6wfj-2mw7-p5cg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6wfj-2mw7-p5cg

Aliases

CVE-2014-6300

Published

2022-05-14T02:09:44Z

Modified

2024-12-08T05:27:09.558674Z

Summary

phpMyAdmin micro history Implementation XSS Vulnerability

Details

Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.

Database specific

{
    "nvd_published_at": "2014-11-08T11:55:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2023-08-15T22:10:33Z"
}

References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.0.0

Fixed

4.0.10.3

Affected versions

4.*

4.0.0

4.0.1

4.0.2

4.0.3

4.0.4

4.0.4.1

4.0.4.2

4.0.5

4.0.6

4.0.7

4.0.8

4.0.9

4.0.10

4.0.10.1

4.0.10.2

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.1.0

Fixed

4.1.14.4

Packagist / phpmyadmin/phpmyadmin

Package

Name: phpmyadmin/phpmyadmin
Purl: pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.2.0

Fixed

4.2.8.1