CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
60.9%
Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x before 4.0.10.3, 4.1.x before 4.1.14.4, and 4.2.x before 4.2.8.1 allows remote attackers to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Vendor | Product | Version | CPE |
---|---|---|---|
phpmyadmin | phpmyadmin | * | cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2014-09/msg00032.html
www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
github.com/advisories/GHSA-6wfj-2mw7-p5cg
github.com/phpmyadmin/phpmyadmin/commit/33b39f9f1dd9a4d27856530e5ac004e23b30e8ac
nvd.nist.gov/vuln/detail/CVE-2014-6300
security.gentoo.org/glsa/201505-03
web.archive.org/web/20200228081340/www.securityfocus.com/bid/69790