
[Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

Discussion in 'Security' started by HostT, Feb 22, 2014.

  1. HostT

    HostT Member

    Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

    Not sure how this affects cPanel (security-wise), but figured it would be worth mentioning, as I know cPanel packages phpMyAdmin with cPanel and I had to manually edit to make this change.

    How does this affect shared servers?

    phpMyAdmin - Security - PMASA-2014-1

    phpMyAdmin 4.1.6 Cross-site scripting (XSS) - CXSecurity.com
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    re: [Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

    Hello :)

    An internal case is open for the implementation of a newer version of phpMyAdmin. For reference, the case number is 82797. I have added a note to this case referencing this thread and CVE-2014-1879.

    Thank you.
     
  3. Jay_BEE

    Jay_BEE Registered

    How does one follow or get notifications of a case?
     
  4. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    You can monitor the change log for that case number via:

    cPanel - Change Log

    Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non-critical.

    Thank you.
     
  5. HostT

    HostT Member

    Yes, I saw that, but that's the reason I asked how this affects shared servers. Because if that means they can inject code that would be executed as a different user, or even root (yikes!), then I consider it critical; if it's only executed as the user, then there are no worries.
     