PMASA-2016-20

Announcement-ID: PMASA-2016-20

Date: 2016-06-23

Summary

XSS on table structure page

Description

An XSS vulnerability was discovered on the table structure page

Severity

We consider this to be a serious vulnerability

Affected Versions

All 4.6.x versions (prior to 4.6.3) are affected

Solution

Upgrade to phpMyAdmin 4.6.3 or newer or apply patch listed below.

References

Thanks to Nils Juenemann @totally_unknown for reporting this vulnerability.

Assigned CVE ids: CVE-2016-5704

CWE ids: CWE-661

Patches

The following commits have been made on the 4.6 branch to fix this issue:

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

Announcements