FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpmyadmin -- XSS vulnerability in SQL editor

Affected packages
4.5.0 <= phpmyadmin < 4.5.4

Details

VuXML ID: 7a59e283-c60b-11e5-bf36-6805ca0b3d42
Discovery: 2016-01-28
Entry: 2016-01-28

The phpMyAdmin development team reports:

With a crafted SQL query, it is possible to trigger an XSS attack in the SQL editor.

We consider this vulnerability to be non-critical.

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required pages.

References

CVE Name: CVE-2016-2045
URL: https://www.phpmyadmin.net/security/PMASA-2016-9/