[v2.7] phpmyadmin: cross-site scripting (XSS) vulnerability in import.php (CVE-2014-1879)
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
•CONFIRM:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-1.php
•CONFIRM:
https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a
(from redmine: issue id 2738, created on 2014-03-05, closed on 2014-03-07)
- Relations:
- parent #2733 (closed)
- Changesets:
- Revision c6a60a36 by Natanael Copa on 2014-03-07T12:03:50Z:
main/phpmyadmin: security fix for CVE-2014-1879
fixes #2738