Vigil@nce - phpMyAdmin: multiple vulnerabilities
August 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of phpMyAdmin.
Impacted products: MBS, phpMyAdmin
Severity: 2/4
Creation date: 18/07/2014
Revision date: 21/07/2014
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in phpMyAdmin.
An attacker can trigger a Cross Site Scripting in Database
Structure, in order to execute JavaScript code in the context of
the web site. [severity:2/4; CVE-2014-4954, PMASA-2014-4]
An attacker can trigger a Cross Site Scripting in Database
Triggers, in order to execute JavaScript code in the context of
the web site. [severity:2/4; CVE-2014-4955, PMASA-2014-5]
An attacker can trigger a Cross Site Scripting in AJAX
Confirmation Messages, in order to execute JavaScript code in the
context of the web site. [severity:2/4; CVE-2014-4986,
PMASA-2014-6]
An attacker can read the MySQL user list, in order to obtain
sensitive information. [severity:2/4; CVE-2014-4987, PMASA-2014-7]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/phpMyAdmin-multiple-vulnerabilities-15073