|
Description
|
|
Multiple vulnerabilities have been reported in phpMyAdmin, which can be exploited by malicious users to disclose certain sensitive information and conduct script insertion attacks.
1) Certain input related to database and table column names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
2) Certain input related to print view and zoom search is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
3) Certain input related to the geometry type within the GIS editor feature is not properly verified before being used to include files. This can be exploited to include arbitrary files from local resources via directory traversal sequences.
The vulnerabilities #1 through #3 are reported in versions 4.0.x prior to 4.0.10.6, 4.1.x prior to 4.1.14.7, and 4.2.x prior to 4.2.12.
4) Certain input related to file names is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site if malicious data is viewed.
This vulnerability is reported in versions 4.1.x prior to 4.1.14.7 and 4.2.x prior to 4.2.12.
|
