VDB

GCVE-110-MAGEIA-2014-99

GCVE-110-MAGEIA-2014-99
Advisory Published
Vulnetix · Advisory published February 25, 2014
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879). This upgrade provides the latest phpmyadmin version (4.1.8) to address this vulnerability. Additionally the phpseclib package has been added in Mageia 3 and updated in Mageia 4, due to new dependencies.

Affected Products

VendorProductVersionsPlatforms
Mageiaphpmyadmin0 (affected), 4.1.8-1.mga3 (unaffected), 0 (affected), 4.1.8-1.mga3 (unaffected)
Mageiaphpseclib0 (affected), 0 (affected), 0.3.5-1.mga3 (unaffected), 0.3.5-1.mga3 (unaffected)
Mageiaphpmyadmin0 (affected), 4.1.8-1.mga4 (unaffected), 0 (affected), 4.1.8-1.mga4 (unaffected)
Mageiaphpseclib0 (affected), 0.3.5-1.mga4 (unaffected), 0 (affected), 0.3.5-1.mga4 (unaffected)
Mageiaremmina0 (affected), 1.0.0-4.2.mga4 (unaffected)

Browse GCVE Records

73,040 records in the GCVE database · Updated July 15, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›