[Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

HostT

Member
Dec 7, 2010
16
1
53
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.

Not sure how this affects cPanel (security-wise), but figured it would be worth mentioning, as I know cPanel packages phpMyAdmin with cPanel and I had to manually edit to make this change.

How does this affect shared servers?

phpMyAdmin - Security - PMASA-2014-1

phpMyAdmin 4.1.6 Cross-site scripting (XSS) - CXSecurity.com
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,202
363
re: [Case 82797] XSS Vulnerability phpMyAdmin < 4.1.7

Hello :)

An internal case is open for the implementation of a newer version of phpMyAdmin. For reference, the case number is 82797. I have added a note to this case referencing this thread and CVE-2014-1879.

Thank you.
 

cPanelMichael

You can monitor the change log for that case number via:

cPanel - Change Log

Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non critical.

Thank you.
 

HostT

> You can monitor the change log for that case number via:
>
> cPanel - Change Log
>
> Keep in mind that phpMyAdmin considers the vulnerability you referenced to be non critical.
>
> Thank you.

Yes, I saw that, but that's the reason I asked how this affects shared servers. Because if that means they can inject code that would be executed as a different user, or even root (yikes!), then I consider it critical; if it's only executed as the user, then there are no worries.