Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x prior to 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted name that triggers an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpmyadmin phpmyadmin 4.0.1 |
||
phpmyadmin phpmyadmin 4.0.2 |
||
phpmyadmin phpmyadmin 4.0.0 |