VDB

GCVE-110-MAGEIA-2014-495

GCVE-110-MAGEIA-2014-495
Advisory Published
Vulnetix · Advisory published November 26, 2014
Updated phpmyadmin package fixes security vulnerabilities: In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name it is possible to trigger an XSS attack in the table browse page, with a crafted ENUM value it is possible to trigger XSS attacks in the table print view and zoom search pages, and with a crafted value for font size it is possible to trigger an XSS attack in the home page (CVE-2014-8958). In phpMyAdmin before 4.1.14.7, in the GIS editor feature, a parameter specifying the geometry type was not correcly validated, opening the door to a local file inclusion attack (CVE-2014-8959). In phpMyAdmin before 4.1.14.7, with a crafted file name it is possible to trigger an XSS in the error reporting page (CVE-2014-8960). In phpMyAdmin before 4.1.14.7, in the error reporting feature, a parameter specifying the file was not correctly validated, allowing the attacker to derive the line count of an arbitrary file (CVE-2014-8961).

Affected Products

VendorProductVersionsPlatforms
Mageiaphpmyadmin0 (affected), 4.1.14.7-1.mga3 (unaffected)
Mageiaphpmyadmin0 (affected), 4.1.14.7-1.mga4 (unaffected)

Browse GCVE Records

73,118 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›