phpmyadmin: fix CVE-2025-24529/CVE-2025-24530

CVE-2025-24529: An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the Insert tab. Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24529 CVE-2025-24530: An issue was discovered in phpMyAdmin 5.x before 5.2.2. An XSS vulnerability has been discovered for the check tables feature. A crafted table or database name could be used for XSS. Refer: https://nvd.nist.gov/vuln/detail/CVE-2025-24530 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-04-02 02:49:12 +00:00 · 2025-02-07 14:29:55 +08:00 · 2025-02-07 14:29:55 +08:00 · 880df90c86
commit 880df90c86
parent b7dc1e8eb7
3 changed files with 81 additions and 1 deletions
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24529.patch
@ -0,0 +1,36 @@
+From a8e215c314a98008aab6f3147a409911be73108e Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@mfauth.net>
+Date: Sun, 12 Jan 2025 22:39:06 -0300
+Subject: [PATCH 1/2] Fix XSS vulnerability on Insert page
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@mfauth.net>
+
+CVE: CVE-2025-24529
+Upstream-Status: Backport [https://github.com/phpmyadmin/phpmyadmin/commit/7355ddff8d1da9453cf43c09a45666157b16103d]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libraries/classes/InsertEdit.php | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/libraries/classes/InsertEdit.php b/libraries/classes/InsertEdit.php
+index abc3c5f..4bde765 100644
+--- a/libraries/classes/InsertEdit.php
+++ b/libraries/classes/InsertEdit.php
+@@ -2166,8 +2166,8 @@ class InsertEdit
+         } elseif ($trueType === 'binary' || $trueType === 'varbinary') {
+             $special_chars = bin2hex($column['Default']);
+         } elseif (substr($trueType, -4) === 'text') {
+-            $textDefault = substr($column['Default'], 1, -1);
+-            $special_chars = stripcslashes($textDefault !== false ? $textDefault : $column['Default']);
+            $textDefault = (string) substr($column['Default'], 1, -1);
+            $special_chars = htmlspecialchars(stripcslashes($textDefault !== '' ? $textDefault : $column['Default']));
+         } else {
+             $special_chars = htmlspecialchars($column['Default']);
+         }
+-- 
+2.34.1
+
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/CVE-2025-24530.patch
@ -0,0 +1,42 @@
+From 76e8b760487139bbfba08b8a6f7fdad40a93ac57 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@mfauth.net>
+Date: Tue, 15 Oct 2024 12:27:22 -0300
+Subject: [PATCH 2/2] Fix unescaped table name when checking tables
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Signed-off-by: Maurício Meneghini Fauth <mauricio@mfauth.net>
+
+CVE: CVE-2025-24530
+Upstream-Status: Backport [https://github.com/phpmyadmin/phpmyadmin/commit/23c13a81709728089ff031e5b1c29b5e91baa6a7]
+
+Signed-off-by: Changqing Li <changqing.li@windriver.com>
+---
+ libraries/classes/Table/Maintenance.php | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/libraries/classes/Table/Maintenance.php b/libraries/classes/Table/Maintenance.php
+index 9ed72ef..0247c6e 100644
+--- a/libraries/classes/Table/Maintenance.php
+++ b/libraries/classes/Table/Maintenance.php
+@@ -7,6 +7,7 @@ namespace PhpMyAdmin\Table;
+ use PhpMyAdmin\DatabaseInterface;
+ use PhpMyAdmin\Index;
+ use PhpMyAdmin\Util;
+use function htmlspecialchars;
+ use function implode;
+ use function sprintf;
+ 
+@@ -91,7 +92,7 @@ final class Maintenance
+                 continue;
+             }
+ 
+-            $indexesProblems .= sprintf(__('Problems with indexes of table `%s`'), $table);
+            $indexesProblems .= htmlspecialchars(sprintf(__('Problems with indexes of table `%s`'), $table));
+             $indexesProblems .= $check;
+         }
+ 
+-- 
+2.34.1
+
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_5.1.3.bb
@ -10,10 +10,12 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/${PV}/phpMyAdmin-${PV}-all-languages.tar.xz \
           file://apache.conf \
           file://CVE-2023-25727.patch \
+           file://CVE-2025-24529.patch \
+           file://CVE-2025-24530.patch \
 "

 SRC_URI[sha256sum] = "c562feddc0f8ff5e69629113f273a0d024a65fb928c48e89ce614744d478296f"
-
+ 
 UPSTREAM_CHECK_URI = "https://www.phpmyadmin.net/downloads/"
 UPSTREAM_CHECK_REGEX = "phpMyAdmin-(?P<pver>\d+(\.\d+)+)-all-languages.tar.xz"