Cross-site scripting (XSS) vulnerability in the micro history implementation in phpMyAdmin 4.0.x prior to 4.0.10.3, 4.1.x prior to 4.1.14.4, and 4.2.x prior to 4.2.8.1 allows remote malicious users to inject arbitrary web script or HTML, and consequently conduct a cross-site request forgery (CSRF) attack to create a root account, via a crafted URL, related to js/ajax.js.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opensuse opensuse 12.3 |
||
opensuse opensuse 13.1 |
||
phpmyadmin phpmyadmin 4.0.0 |
||
phpmyadmin phpmyadmin 4.0.4 |
||
phpmyadmin phpmyadmin 4.0.4.1 |
||
phpmyadmin phpmyadmin 4.1.0 |
||
phpmyadmin phpmyadmin 4.1.1 |
||
phpmyadmin phpmyadmin 4.1.14.3 |
||
phpmyadmin phpmyadmin 4.1.2 |
||
phpmyadmin phpmyadmin 4.2.0 |
||
phpmyadmin phpmyadmin 4.2.1 |
||
phpmyadmin phpmyadmin 4.2.8 |
||
phpmyadmin phpmyadmin 4.0.1 |
||
phpmyadmin phpmyadmin 4.0.10 |
||
phpmyadmin phpmyadmin 4.0.6 |
||
phpmyadmin phpmyadmin 4.0.7 |
||
phpmyadmin phpmyadmin 4.1.12 |
||
phpmyadmin phpmyadmin 4.1.13 |
||
phpmyadmin phpmyadmin 4.1.5 |
||
phpmyadmin phpmyadmin 4.1.6 |
||
phpmyadmin phpmyadmin 4.1.7 |
||
phpmyadmin phpmyadmin 4.2.4 |
||
phpmyadmin phpmyadmin 4.2.5 |
||
phpmyadmin phpmyadmin 4.0.4.2 |
||
phpmyadmin phpmyadmin 4.0.5 |
||
phpmyadmin phpmyadmin 4.1.10 |
||
phpmyadmin phpmyadmin 4.1.11 |
||
phpmyadmin phpmyadmin 4.1.3 |
||
phpmyadmin phpmyadmin 4.1.4 |
||
phpmyadmin phpmyadmin 4.2.2 |
||
phpmyadmin phpmyadmin 4.2.3 |
||
phpmyadmin phpmyadmin 4.0.10.2 |
||
phpmyadmin phpmyadmin 4.0.2 |
||
phpmyadmin phpmyadmin 4.0.3 |
||
phpmyadmin phpmyadmin 4.0.8 |
||
phpmyadmin phpmyadmin 4.0.9 |
||
phpmyadmin phpmyadmin 4.1.14 |
||
phpmyadmin phpmyadmin 4.1.14.1 |
||
phpmyadmin phpmyadmin 4.1.8 |
||
phpmyadmin phpmyadmin 4.1.9 |
||
phpmyadmin phpmyadmin 4.2.7 |
||
phpmyadmin phpmyadmin 4.2.7.1 |