From: Dragos-Marian Panait <dragos.pan...@windriver.com> In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.
Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-25727 Upstream patch: https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e Signed-off-by: Dragos-Marian Panait <dragos.pan...@windriver.com> Signed-off-by: Joe Slater <joe.sla...@windriver.com> --- .../phpmyadmin/CVE-2023-25727.patch | 37 +++++++++++++++++++ .../phpmyadmin/phpmyadmin_5.1.3.bb | 1 + 2 files changed, 38 insertions(+) create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch new file mode 100644 index 000000000..707334a51 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2023-25727.patch @@ -0,0 +1,37 @@ +From 0842f11158699a979437125756b26eeabedab9ab Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauri...@fauth.dev> +Date: Fri, 5 Aug 2022 20:18:16 -0300 +Subject: [PATCH] Fix not escaped title when using drag and drop upload +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: MaurĂcio Meneghini Fauth <mauri...@fauth.dev> + +Upstream-Status: Backport +CVE: CVE-2023-25727 + +Reference to upstream patch: +https://github.com/phpmyadmin/phpmyadmin/commit/efa2406695551667f726497750d3db91fb6f662e + +Signed-off-by: Dragos-Marian Panait <dragos.pan...@windriver.com> +--- + js/src/drag_drop_import.js | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/js/src/drag_drop_import.js b/js/src/drag_drop_import.js +index 55250c2..9b8710e 100644 +--- a/js/src/drag_drop_import.js ++++ b/js/src/drag_drop_import.js +@@ -130,7 +130,7 @@ var DragDropImport = { + var filename = $this.parent('span').attr('data-filename'); + $('body').append('<div class="pma_drop_result"><h2>' + + Messages.dropImportImportResultHeader + ' - ' + +- filename + '<span class="close">x</span></h2>' + value.message + '</div>'); ++ Functions.escapeHtml(filename) + '<span class="close">x</span></h2>' + value.message + '</div>'); + $('.pma_drop_result').draggable(); // to make this dialog draggable + } + }); +-- +2.39.1 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb index 7ccc05ec3..3f1919439 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb @@ -9,6 +9,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ file://apache.conf \ + file://CVE-2023-25727.patch \ " SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#179010): https://lists.openembedded.org/g/openembedded-core/message/179010 Mute This Topic: https://lists.openembedded.org/mt/97812721/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
