Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

phpMyAdmin 4.4.x < / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)



The remote web server contains a PHP application that is affected by a content spoofing vulnerability.


Versions of phpMyAdmin 4.4.x prior to, or 4.5.x prior to 4.5.1 are unpatched for a flaw in the redirection mechanism that is triggered as input passed via the 'url' parameter is not properly sanitized in the 'url.php' script. This may allow a context-dependent attacker to inject arbitrary content.


Upgrade to phpMyAdmin / 4.5.1 or later. Alternatively, apply the patch referenced in the vendor advisory.