CVE-2014-9219

Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2014:243
http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/99137
https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2	Exploit

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.6:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10.1:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.11:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.12:::::::*
	cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.13:::::::*

History

No history.

Information

Published : 2014-12-08 11:59

Updated : 2024-02-04 18:35

NVD link : CVE-2014-9219

Mitre link : CVE-2014-9219

CVE.ORG link : CVE-2014-9219

JSON object : View

Products Affected

phpmyadmin

phpmyadmin

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

{"id": "CVE-2014-9219", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-12-08T11:59:13.233", "references": [{"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:243", "source": "cve@mitre.org"}, {"url": "http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99137", "source": "cve@mitre.org"}, {"url": "https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the redirection feature in url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la caracteristica de redirecci\u00f3n en url.php en phpMyAdmin 4.2.x anterior a 4.2.13.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro url."}], "lastModified": "2017-09-08T01:29:32.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEC525D5-EA90-4F01-B1D3-64F4BFBFC4DE"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ACC297E-A54A-4C92-9BCB-CDDA0C7E56C1"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4FA4B695-DD00-45FE-8A74-A34E9920EE23"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BC38B8F8-DB1C-4A7D-A15B-390754687F18"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFA5B74C-F0E8-46D0-AF53-A25145DA3E9B"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6DD88B5-9F4D-4B1C-8A36-CA9727514B42"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8645867-C499-41C6-8AA4-B5CB0DB4BB6D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58EFA2AE-0CF3-47AE-9996-F3685851EA83"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "708FC2C9-6038-4FDF-9B41-EFBBEA23F114"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "79B0DE12-E756-44B3-8C2F-8C9246F36BC5"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50E07E05-60B4-4427-81B0-F44C3089E1F3"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "887DAFF7-7344-4A1C-9DC0-C41BA3E7C092"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.9.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E5BF910D-87F7-4FF5-ACA0-1FCEEF4DD741"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E9EFDB0-7D5A-4E6D-AAC3-A26121E2C152"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C10AFF14-5C5A-4858-97A2-1208278D916E"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E0716B60-E8C7-40EA-8A96-9EC0D868D11A"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6360AD1-B295-4123-A6AC-99B13FA12C1D"}, {"criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29255C68-9B71-45DF-95B0-C84762B8CDD6"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}