PMASA-2015-5
Announcement-ID: PMASA-2015-5
Date: 2015-10-23
Summary
Content spoofing vulnerability when redirecting user to an external site
Description
This vulnerability allows an attacker to perform a content spoofing attack using phpMyAdmin's redirection mechanism to external sites.
Severity
We consider this vulnerability to be non-critical since the spoofed content is escaped and no HTML injection is possible.
Affected Versions
Versions 4.4.x (prior to 4.4.15.1) and 4.5.x (prior to 4.5.1) are affected.
Solution
Upgrade to phpMyAdmin 4.4.15.1 or newer, or 4.5.1 or newer, or apply the patch listed below.
References
Thanks to Lalith Rallabhandi for reporting this vulnerability.
Assigned CVE IDs: CVE-2015-7873
Patches
The following commits have been made on the 4.4 branch to fix this issue:
The following commits have been made on the 4.5 branch to fix this issue:
More information
For further information and in case of questions, please contact the phpMyAdmin security team at security@phpmyadmin.net.