[Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

[HostT]

Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

Not sure how this affects cPanel (security wise), but figured it would worth mentioning as I know cPanel packages phpMyAdmin with cPanel and I had to manually edit to make this change.

How does this affect shared servers?

phpMyAdmin - Security - PMASA-2014-1

phpMyAdmin 4.1.6 Cross-site scripting (XSS) - CXSecurity.com

 

[cPanelMichael]

re: [Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

Hello

An internal case is open for the implementation of a newer version of phpMyAdmin. For reference, the case number is 82797. I have added a note to this case referencing this thread and CVE-2014-1879.

Thank you.

 

[Jay_BEE]

How does one follow or get notifications of a case?

 

[cPanelMichael]

You can monitor the change log for that case number via:

cPanel - Change Log

Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non critical.

Thank you.

 

[HostT]

You can monitor the change log for that case number via:

cPanel - Change Log

Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non critical.

Thank you.

Yes I saw that, but that's the reason I asked how does this affect shared servers. Because if that means they can inject code that would be executed as a different user, or even root (yikes!), then I consider it critical, if it's only executed as the user then there's no worries