CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |

EPSS

Metric | Value |
---|---|
Percentile | 60.9% |

The phpMyAdmin development team reports:
XSRF/CSRF due to DOM based XSS in the micro history feature.
By deceiving a logged-in user to click on a crafted URL,
it is possible to perform remote code execution and in some
cases, create a root account due to a DOM based XSS
vulnerability in the micro history feature.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | phpmyadmin | = 4.2.0 | UNKNOWN |
FreeBSD | any | noarch | phpmyadmin | < 4.2.8.1 | UNKNOWN |