[ MDVSA-2014:183 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2014:183
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : phpmyadmin
 Date    : September 24, 2014
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated phpmyadmin package fixes security vulnerability:
 
 In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on
 a crafted URL, it is possible to perform remote code execution and in
 some cases, create a root account due to a DOM based XSS vulnerability
 in the micro history feature (CVE-2014-6300).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6300
 http://advisories.mageia.org/MGASA-2014-0383.html
 _______

Leave a Reply