{"id":"MGASA-2014-0495","summary":"Updated phpmyadmin packages fix security vulnerabilities","details":"Updated phpmyadmin package fixes security vulnerabilities:\n\nIn phpMyAdmin before 4.1.14.7, with a crafted database, table or column name\nit is possible to trigger an XSS attack in the table browse page, with a\ncrafted ENUM value it is possible to trigger XSS attacks in the table print\nview and zoom search pages, and with a crafted value for font size it is\npossible to trigger an XSS attack in the home page (CVE-2014-8958).\n\nIn phpMyAdmin before 4.1.14.7, in the GIS editor feature, a parameter\nspecifying the geometry type was not correcly validated, opening the door to\na local file inclusion attack (CVE-2014-8959).\n\nIn phpMyAdmin before 4.1.14.7, with a crafted file name it is possible to\ntrigger an XSS in the error reporting page (CVE-2014-8960).\n\nIn phpMyAdmin before 4.1.14.7, in the error reporting feature, a parameter\nspecifying the file was not correctly validated, allowing the attacker to\nderive the line count of an arbitrary file (CVE-2014-8961).\n","modified":"2026-02-04T03:42:04.367111Z","published":"2014-11-26T17:29:06Z","related":["CVE-2014-8958","CVE-2014-8959","CVE-2014-8960","CVE-2014-8961"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0495.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14637"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php"},{"type":"REPORT","url":"http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.14.7-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0495.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/phpmyadmin?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.14.7-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0495.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}