[v2.4] phpmyadmin: cross-site scripting (XSS) vulnerability in import.php (CVE-2014-1879)
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action.
•CONFIRM:
http://www.phpmyadmin.net/home\_page/security/PMASA-2014-1.php
•CONFIRM:
https://github.com/phpmyadmin/phpmyadmin/commit/968d5d5f486820bfa30af046f063b9f23304e14a
(from redmine: issue id 2734, created on 2014-03-05, closed on 2014-03-11)
- Relations:
- parent #2733 (closed)