
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN065
_____________________________________________________________________

DATE                : 22/02/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running phpMyAdmin version 4.7.x prior to
                     4.7.8.

=====================================================================
https://www.phpmyadmin.net/security/PMASA-2018-1/
_____________________________________________________________________


PMASA-2018-1

Announcement-ID: PMASA-2018-1

Date: 2018-02-20


Summary

Self XSS in central columns feature


Description

A self cross-site scripting (XSS) vulnerability has been reported
relating to the central columns feature.


Severity

We consider this vulnerability to be of moderate severity.


Mitigation factor

A valid token must be used in the attack.


Affected Versions

Versions 4.7.x (prior to 4.7.8) are affected.


Solution

Upgrade to phpMyAdmin 4.7.8 or newer, or apply the patch listed below.


References

Thanks to Mayur Udiniya for finding this vulnerability.

Assigned CVE ids: CVE-2018-7260

CWE ids: CWE-661


Patches

The following commits have been made on the 4.7 branch to fix this
issue:

    d2886a3


More information

For further information and in case of questions, please contact the
phpMyAdmin team. Our website is phpmyadmin.net.


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================





