
phpMyAdmin 4.4.x < 4.4.15.1 / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)

Medium

Synopsis

The remote web server contains a PHP application that is affected by a content spoofing vulnerability.

Description

phpMyAdmin 4.4.x versions prior to 4.4.15.1 and 4.5.x versions prior to 4.5.1 contain a flaw in the redirection mechanism: input passed via the 'url' parameter to the 'url.php' script is not properly sanitized. This may allow a context-dependent attacker to inject arbitrary content.

Solution

Upgrade to phpMyAdmin 4.4.15.1 / 4.5.1 or later. Alternatively, apply the patch referenced in the vendor advisory.
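
The affected ranges above can be checked against a software inventory with a short script. The following is an added example, not part of the vendor advisory or the plugin itself; the host names and inventory format are constructed, and treating a pre-release of a fixed version (such as 4.5.1-rc1) as still affected is a conservative assumption.

```python
import re

# First fixed release per affected branch, as stated in the advisory text.
FIXED = {(4, 4): (4, 4, 15, 1), (4, 5): (4, 5, 1)}


def parse_version(text):
    """Split a version string into (numeric tuple, is_prerelease)."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    pre = bool(re.match(r"[-~._]?(rc|alpha|beta|dev)", m.group(2), re.I))
    return nums, pre


def _pad(v, n):
    # Right-pad with zeros so 4.4.15 compares as 4.4.15.0 against 4.4.15.1.
    return v + (0,) * (n - len(v))


def is_affected(text):
    """True if the version falls in a range this advisory lists as affected."""
    nums, pre = parse_version(text)
    fixed = FIXED.get(_pad(nums, 2)[:2])
    if fixed is None:
        return False  # branch is outside the scope of this advisory
    n = max(len(nums), len(fixed))
    v, f = _pad(nums, n), _pad(fixed, n)
    # Assumption: a pre-release of the fixed version is treated as affected.
    return v < f or (v == f and pre)


def triage(inventory):
    """Return the sorted host names whose phpMyAdmin version is affected."""
    return sorted(h for h, ver in inventory.items() if is_affected(ver))


# Constructed sample inventory (hypothetical hosts and versions).
INVENTORY = {
    "db-admin-01": "4.4.15",
    "db-admin-02": "4.4.15.1",
    "db-admin-03": "4.5.0.2",
    "db-admin-04": "4.5.1-rc1",
    "db-admin-05": "4.3.13",
    "db-admin-06": "4.6.0",
}

if __name__ == "__main__":
    for host in triage(INVENTORY):
        print(f"{host}: phpMyAdmin {INVENTORY[host]} needs upgrade (PMASA-2015-5)")
```

A `False` result for a branch such as 4.3.x only means this advisory does not list it, not that the install is otherwise current.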