VDB
GCVE-110-MAGEIA-2014-495
GCVE-110-MAGEIA-2014-495
Advisory Published
Updated phpmyadmin package fixes security vulnerabilities:
In phpMyAdmin before 4.1.14.7, with a crafted database, table or column name
it is possible to trigger an XSS attack in the table browse page, with a
crafted ENUM value it is possible to trigger XSS attacks in the table print
view and zoom search pages, and with a crafted value for font size it is
possible to trigger an XSS attack in the home page (CVE-2014-8958).
In phpMyAdmin before 4.1.14.7, in the GIS editor feature, a parameter
specifying the geometry type was not correcly validated, opening the door to
a local file inclusion attack (CVE-2014-8959).
In phpMyAdmin before 4.1.14.7, with a crafted file name it is possible to
trigger an XSS in the error reporting page (CVE-2014-8960).
In phpMyAdmin before 4.1.14.7, in the error reporting feature, a parameter
specifying the file was not correctly validated, allowing the attacker to
derive the line count of an arbitrary file (CVE-2014-8961).
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | phpmyadmin | 0 (affected), 4.1.14.7-1.mga3 (unaffected) | — |
| Mageia | phpmyadmin | 0 (affected), 4.1.14.7-1.mga4 (unaffected) | — |
References
Browse GCVE Records
73,118 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.