[3.8] phpmyadmin: XSS in the import dialog (CVE-2018-15605)
A Cross-Site Scripting vulnerability was found in the file import
feature, where an attacker
can deliver a payload to a user through importing a specially-crafted
file.
Affected Versions:
phpMyAdmin versions prior to 4.8.3
Reference:
https://www.phpmyadmin.net/security/PMASA-2018-5/
Patch:
https://github.com/phpmyadmin/phpmyadmin/commit/00d90b3ae415b31338f76263359467a9fbebd0a1
(from redmine: issue id 9376, created on 2018-09-04, closed on 2018-09-11)
- Changesets:
- Revision 370ae65e by Natanael Copa on 2018-09-10T18:32:42Z:
community/phpmyadmin: security upgrade to 4.8.3 (CVE-2018-15605)
fixes #9376