FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSRF/CSRF due to DOM based XSS in the micro history feature

Affected packages
4.2.0 <= phpMyAdmin < 4.2.8.1

Details

VuXML ID cc627e6c-3b89-11e4-b629-6805ca0b3d42
Discovery 2014-09-13
Entry 2014-09-13

The phpMyAdmin development team reports:

XSRF/CSRF due to DOM based XSS in the micro history feature.

By deceiving a logged-in user into clicking on a crafted URL, it is possible to perform remote code execution and, in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature.

References

CVE Name CVE-2014-6300
URL http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php