Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2014:183)
Medium Nessus Plugin ID 77840
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionUpdated phpmyadmin package fixes security vulnerability :
In phpMyAdmin before 4.2.9, by deceiving a logged-in user to click on a crafted URL, it is possible to perform remote code execution and in some cases, create a root account due to a DOM based XSS vulnerability in the micro history feature (CVE-2014-6300).
SolutionUpdate the affected phpmyadmin package.