Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpMyAdmin 4.0.x < 4.0.3 'view_create.php' XSS



The remote web server contains a PHP application that is affected by a potential security vulnerability.


Versions of phpMyAdmin 4.0.0 through 4.0.3 are potentially affected by a cross site scripting vulnerability in the 'view_create.php' script of the 'Create View' page. The issue occurs when creating a view with a crafted name and an incorrect 'CREATE' statement. An attacker may leverage this to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, which can allow the attacker to steal cookie-based authentication credentials and launch other attacks.


Apply the vendor patches or upgrade to phpMyAdmin 4.0.3 or later.