FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSS and DoS vulnerabilities

Affected packages
4.2.0 <= phpMyAdmin <


VuXML ID c9c46fbf-7b83-11e4-a96e-6805ca0b3d42
Discovery 2014-12-03
Entry 2014-12-04

The phpMyAdmin development team reports:

DoS vulnerability with long passwords.

With very long passwords it was possible to initiate a denial of service attack on phpMyAdmin.

We consider this vulnerability to be serious.

This vulnerability can be mitigated by configuring throttling in the webserver.

XSS vulnerability in redirection mechanism.

With a crafted URL it was possible to trigger an XSS in the redirection mechanism in phpMyAdmin.

We consider this vulnerability to be non critical.


CVE Name CVE-2014-9218
CVE Name CVE-2014-9219