Advisories ยป MGASA-2014-0383

Updated phpmyadmin package fix CVE-2014-6300

Publication date: 22 Sep 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-6300

Description

Updated phpmyadmin package fixes security vulnerability:

In phpMyAdmin before 4.1.14.4, by deceiving a logged-in user to click on a
crafted URL, it is possible to perform remote code execution and in some
cases, create a root account due to a DOM based XSS vulnerability in the
micro history feature (CVE-2014-6300).
                

References

SRPMS

4/core

3/core