From: Changqing Li <[email protected]> CVE-2025-24529: An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24529
CVE-2025-24530: An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24530 Signed-off-by: Changqing Li <[email protected]> --- .../phpmyadmin/CVE-2025-24529.patch | 36 ++++++++++++++++ .../phpmyadmin/CVE-2025-24530.patch | 42 +++++++++++++++++++ .../phpmyadmin/phpmyadmin_5.1.3.bb | 4 +- 3 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch new file mode 100644 index 000000000..4b862649d --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch @@ -0,0 +1,36 @@ +From a8e215c314a98008aab6f3147a409911be73108e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <[email protected]> +Date: Sun, 12 Jan 2025 22:39:06 -0300 +Subject: [PATCH 1/2] Fix XSS vulnerability on Insert page +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: MaurĂcio Meneghini Fauth <[email protected]> + +CVE: CVE-2025-24529 +Upstream-Status: Backport [https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d] + +Signed-off-by: Changqing Li <[email protected]> +--- + libraries/classes/InsertEdit.php | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/libraries/classes/InsertEdit.php b/libraries/classes/InsertEdit.php +index abc3c5f..4bde765 100644 +--- a/libraries/classes/InsertEdit.php ++++ b/libraries/classes/InsertEdit.php +@@ -2166,8 +2166,8 @@ class InsertEdit + } elseif ($trueType === 'binary' || $trueType === 'varbinary') { + $special_chars = bin2hex($column['Default']); + } elseif (substr($trueType, -4) === 'text') { +- $textDefault = substr($column['Default'], 1, -1); +- $special_chars = stripcslashes($textDefault !== false ? $textDefault : $column['Default']); ++ $textDefault = (string) substr($column['Default'], 1, -1); ++ $special_chars = htmlspecialchars(stripcslashes($textDefault !== '' ? $textDefault : $column['Default'])); + } else { + $special_chars = htmlspecialchars($column['Default']); + } +-- +2.34.1 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch new file mode 100644 index 000000000..4e36dbba8 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch @@ -0,0 +1,42 @@ +From 76e8b760487139bbfba08b8a6f7fdad40a93ac57 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <[email protected]> +Date: Tue, 15 Oct 2024 12:27:22 -0300 +Subject: [PATCH 2/2] Fix unescaped table name when checking tables +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Signed-off-by: MaurĂcio Meneghini Fauth <[email protected]> + +CVE: CVE-2025-24530 +Upstream-Status: Backport [https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7] + +Signed-off-by: Changqing Li <[email protected]> +--- + libraries/classes/Table/Maintenance.php | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/libraries/classes/Table/Maintenance.php b/libraries/classes/Table/Maintenance.php +index 9ed72ef..0247c6e 100644 +--- a/libraries/classes/Table/Maintenance.php ++++ b/libraries/classes/Table/Maintenance.php +@@ -7,6 +7,7 @@ namespace PhpMyAdmin\Table; + use PhpMyAdmin\DatabaseInterface; + use PhpMyAdmin\Index; + use PhpMyAdmin\Util; ++use function htmlspecialchars; + use function implode; + use function sprintf; + +@@ -91,7 +92,7 @@ final class Maintenance + continue; + } + +- $indexesProblems .= sprintf(__('Problems with indexes of table `%s`'), $table); ++ $indexesProblems .= htmlspecialchars(sprintf(__('Problems with indexes of table `%s`'), $table)); + $indexesProblems .= $check; + } + +-- +2.34.1 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb index 3f1919439..85a18dfd1 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb @@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \ file://apache.conf \ file://CVE-2023-25727.patch \ + file://CVE-2025-24529.patch \ + file://CVE-2025-24530.patch \ " SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f" - + UPSTREAM_CHECK_URI = "https://www.phpmyadmin.net/downloads/"; UPSTREAM_CHECK_REGEX = "phpMyAdmin-(?P<pver>\d+(\.\d+)+)-all-languages.tar.xz" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#115304): https://lists.openembedded.org/g/openembedded-devel/message/115304 Mute This Topic: https://lists.openembedded.org/mt/111048125/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
