PMASA-2016-20
Announcement-ID: PMASA-2016-20
Date: 2016-06-23
Summary
XSS on table structure page
Description
An XSS vulnerability was discovered on the table structure page
Severity
We consider this to be a serious vulnerability
Affected Versions
All 4.6.x versions (prior to 4.6.3) are affected
Solution
Upgrade to phpMyAdmin 4.6.3 or newer or apply patch listed below.
References
Thanks to Nils Juenemann @totally_unknown for reporting this vulnerability.
Assigned CVE IDs: CVE-2016-5704
CWE IDs: CWE-661
Patches
The following commits have been made on the 4.6 branch to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.