Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:046)
Low Nessus Plugin ID 72641
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionA vulnerability has been discovered and corrected in phpmyadmin :
Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin before 4.1.7 allows remote authenticated users to inject arbitrary web script or HTML via a crafted filename in an import action (CVE-2014-1879).
This upgrade provides the latest phpmyadmin version (4.1.7) to address this vulnerability.
Additionally phpseclib packages has been added due to new dependencies.
SolutionUpdate the affected phpmyadmin and / or phpseclib packages.