mirrors/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-06-14 05:49:57 +00:00
Code Issues Projects Releases Wiki Activity

phpmyadmin: fix CVE-2023-25727

Browse Source 
In phpMyAdmin before 4.9.11 and 5.x before 5.2.1,
an authenticated user can trigger XSS by
uploading a crafted .sql file through the drag-and-drop interface.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-25727

Upstream patch:
https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e

Signed-off-by: Dragos-Marian Panait <dragos.panait@windriver.com>
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
This commit is contained in:
Dragos-Marian Panait
2023-03-24 07:49:56 -07:00
committed by Armin Kuster
parent 496d23c0fc
commit 99047e44ce
2 changed files with 38 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+1
View File
@@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
file://apache.conf \
file://CVE-2023-25727.patch \
"
SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f"