XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
phpmyadmin (Debian) | Fix Released | Undecided | William Desportes |
phpmyadmin (Ubuntu) | Fix Released | Undecided | Unassigned |
Jammy | Confirmed | Undecided | Unassigned |
Kinetic | Won't Fix | Undecided | Unassigned |
Bug Description
[ Impact ]
An authenticated user can trigger an XSS attack by uploading a specially-crafted .sql file through the drag-and-drop interface.
CVE-2023-25727, PMASA-2023-1
[ Test Plan ]
- create a file named `"><img src=x onerror=
- install phpmyadmin and a local database
- login
- drag and drop the file
- view the uploads and click `Failed` to verify the XSS occurs.
- install the package with the proposed fix
- retry the operation above and verify the XSS no longer occurs.
[ Where problems could occur ]
The fix consists of sanitizing user input through the document.
[1] https:/
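As an added illustration of the fix class described above (example code, not phpMyAdmin's own; the function names are assumptions), a status row rendered from the dropped file's name, first with the raw name and then with it escaped, plus a check a reviewer could run on the output:

```javascript
// Added example, not phpMyAdmin's own code. An upload-status row is built from
// the dropped file's name: the unsafe builder splices the raw name into markup
// (the defect class behind CVE-2023-25727), the fixed builder escapes it first.
// escapeHtml, renderUploadRow* and injectsMarkup are hypothetical names.

// Escape the five characters that can break out of text or attribute context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the raw file name lands in both an attribute and a text node.
function renderUploadRowUnsafe(fileName, status) {
  return '<div class="upload"><span title="' + fileName + '">' + fileName +
         '</span> <span class="status">' + status + '</span></div>';
}

// Fixed: every untrusted value is escaped before it is concatenated into markup.
function renderUploadRowSafe(fileName, status) {
  const name = escapeHtml(fileName);
  return '<div class="upload"><span title="' + name + '">' + name +
         '</span> <span class="status">' + escapeHtml(status) + '</span></div>';
}

// Review check: the row template emits exactly three opening tags (div, span,
// span). Any extra opening tag means the file name injected markup. The regex
// is a heuristic for this template, not an HTML parser.
const TEMPLATE_OPEN_TAGS = 3;
function countOpenTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}
function injectsMarkup(html) {
  return countOpenTags(html) !== TEMPLATE_OPEN_TAGS;
}

// Constructed sample name: it closes the title attribute and opens a new
// element, the same trick as the crafted .sql file name in the report.
const SAMPLE_NAME = '"><em>injected</em>.sql';

// Stand-alone run: report which builder lets the sample name inject markup.
for (const [label, render] of [['unsafe', renderUploadRowUnsafe], ['safe', renderUploadRowSafe]]) {
  const html = render(SAMPLE_NAME, 'Failed');
  console.log(label + ': ' + (injectsMarkup(html) ? 'markup injected' : 'clean') + ' -> ' + html);
}
```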
[ Other Info ]
This has been fixed since lunar.
- https:/
- https:/
Related branches
- William Desportes (community): Approve
- Canonical Server packageset reviewers: Pending requested
- Canonical Server Reporter: Pending requested
- Diff: 155 lines (+98/-1), 7 files modified:
  - debian/NEWS (+11/-0)
  - debian/changelog (+14/-0)
  - debian/conf/apache.conf (+6/-0)
  - debian/control (+2/-1)
  - debian/patches/CVE-2023-25727.patch (+24/-0)
  - debian/patches/Require-PHP-8.0.patch (+39/-0)
  - debian/patches/series (+2/-0)
- William Desportes (community): Approve (diff)
- Canonical Server Reporter: Pending requested
- Diff: 166 lines (+101/-2), 7 files modified:
  - debian/NEWS (+11/-0)
  - debian/changelog (+16/-0)
  - debian/conf/apache.conf (+6/-0)
  - debian/control (+3/-2)
  - debian/patches/CVE-2023-25727.patch (+24/-0)
  - debian/patches/Require-PHP-8.0.patch (+39/-0)
  - debian/patches/series (+2/-0)
- William Desportes (community): Approve (debdiff)
- Canonical Server Reporter: Pending requested
- Diff: 155 lines (+98/-1), 7 files modified:
  - debian/NEWS (+11/-0)
  - debian/changelog (+14/-0)
  - debian/conf/apache.conf (+6/-0)
  - debian/control (+2/-1)
  - debian/patches/CVE-2023-25727.patch (+24/-0)
  - debian/patches/Require-PHP-8.0.patch (+39/-0)
  - debian/patches/series (+2/-0)
CVE References
Changed in phpmyadmin (Debian):
- assignee: nobody → William Desportes (williamdes)
- status: New → Fix Released
Changed in phpmyadmin (Ubuntu):
- status: New → Fix Released
- summary:
  - [SRU] Fix CVE-2023-25727, PMASA-2023-1
  + XSS vulnerability in drag-and-drop upload (CVE-2023-25727, PMASA-2023-1)
- description: updated
An upload of phpmyadmin to kinetic-proposed has been rejected from the upload queue for the following reason: "incomplete Recommends fix (LP: #2016017)".