CVE-2012-4345

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Database Structure page in phpMyAdmin 3.4.x before 3.4.11.1 and 3.5.x before 3.5.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) a crafted table name during table creation, or a (2) Empty link or (3) Drop link for a crafted table name.

How to fix CVE-2012-4345

To remediate CVE-2012-4345, upgrade the affected package to a fixed version below.

• Debian/phpmyadmin—upgrade to 4:3.4.11.1-1 or later
• —upgrade to 3.4.11.1 or later

Is CVE-2012-4345 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

• from 0, < 4:3.4.11.1-1
• >= 3.4, < 3.4.11.1

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2012-4345
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2012-4345
• WEBweb.archive.org/web/20150523055725/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2012:136/?name=MDVSA-2012:136
• WEBwww.phpmyadmin.net/home_page/security/PMASA-2012-4.php