FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- Content spoofing vulnerability

Affected packages
4.4.0 <= phpMyAdmin < 4.4.15.1
4.5.0 <= phpMyAdmin < 4.5.1

Details

VuXML ID 08d11134-79c5-11e5-8987-6805ca0b3d42
Discovery 2015-10-23
Entry 2015-10-23

The phpMyAdmin development team reports:

This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites.

We consider this vulnerability to be non critical since the spoofed content is escaped and no HTML injection is possible.

References

CVE Name CVE-2015-7873
URL https://www.phpmyadmin.net/security/PMASA-2015-5/