phpmyadmin: Multiple issues (CVE-2016-2559, CVE-2016-2560, CVE-2016-2561, CVE-2016-2562)
CVE-2016-2559: XSS vulnerability in SQL parser.
Affected Versions
Versions 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.5.5.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-10/
CVE-2016-2560: Multiple XSS vulnerabilities.
Affected Versions
Versions 4.0.x (prior to 4.0.10.15), 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.0.10.15, 4.4.15.4, 4.5.5.1, or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-11/
CVE-2016-2561: Multiple XSS vulnerabilities.
Affected Versions
Versions 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.4.15.5, 4.5.5.1, or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-12/
CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub.
Affected Versions
Versions 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.5.5.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-13/
(from redmine: issue id 5605, created on 2016-05-20, closed on 2016-06-23)
- Relations:
- child #5606 (closed)
- child #5607 (closed)