CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
EPSS
Percentile: 53.9%
Versions of phpMyAdmin earlier than 4.0.10.1, 4.1.14.2, or 4.2.6 are unpatched for the following vulnerabilities:
The ‘TABLE_COMMENT’ parameter input is not validated in the script ‘libraries/structure.lib.php’ and could allow cross-site scripting attacks. Note that this issue affects the 4.2.x branch. (CVE-2014-4954)
The ‘trigger’ parameter input is not validated in the script ‘libraries/rte/rte_list.lib.php’ and could allow cross-site scripting attacks. (CVE-2014-4955)
The ‘table’ and ‘curr_column_name’ parameter inputs are not validated in the scripts ‘js/functions.js’ and ‘js/tbl_structure.js’ respectively and could allow cross-site scripting attacks. (CVE-2014-4986)
The script ‘server_user_groups.php’ contains an error that could allow a remote attacker to obtain the MySQL user list and possibly make changes to the application display. Note that this issue only affects the 4.1.x and 4.2.x branches. (CVE-2014-4987)
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4954
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4986
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4987
www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
www.phpmyadmin.net/home_page/security/PMASA-2014-7.php