FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- clickJacking protection can be bypassed

Affected packages
phpMyAdmin < 4.0.5

Details

VuXML ID 17326fd5-fcfb-11e2-9bb9-6805ca0b3d42
Discovery 2013-08-04
Entry 2013-08-04

The phpMyAdmin development team reports:

phpMyAdmin has a number of mechanisms to avoid a clickjacking attack, however these mechanisms either work only in modern browser versions, or can be bypassed.

"We have no solution for 3.5.x, due to the proposed solution requiring JavaScript. We don't want to introduce a dependency to JavaScript in the 3.5.x family."

[source]

References

URL http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.