phpMyAdmin 4.4.x < 126.96.36.199 / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)
Medium Nessus Network Monitor Plugin ID 9118
SynopsisThe remote web server contains a PHP application that is affected by a content spoofing vulnerability.
DescriptionVersions of phpMyAdmin 4.4.x prior to 188.8.131.52, or 4.5.x prior to 4.5.1 are unpatched for a flaw in the redirection mechanism that is triggered as input passed via the 'url' parameter is not properly sanitized in the 'url.php' script. This may allow a context-dependent attacker to inject arbitrary content.
SolutionUpgrade to phpMyAdmin 184.108.40.206 / 4.5.1 or later. Alternatively, apply the patch referenced in the vendor advisory.