It was possible to cause CSS injection in themes by crafted cookie parameters. Affected versions: All 4.6.x versions (prior to 4.6.6), 4.4.x versions (prior to 4.4.15.10), and 4.0.x versions (prior to 4.0.10.19) are affected. Upstream patches: https://github.com/phpmyadmin/phpmyadmin/commit/8a08162 https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f https://github.com/phpmyadmin/phpmyadmin/commit/3a62476 External References: https://www.phpmyadmin.net/security/PMASA-2017-4/
Created phpMyAdmin tracking bugs for this issue: Affects: fedora-all [bug 1416003] Affects: epel-all [bug 1416004]
Created phpMyAdmin4 tracking bugs for this issue: Affects: epel-5 [bug 1416005]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.