phpMyAdmin 4.4.x < / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)

ID 9118.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


Versions of phpMyAdmin 4.4.x prior to, or 4.5.x prior to 4.5.1 are unpatched for a flaw in the redirection mechanism that is triggered as input passed via the 'url' parameter is not properly sanitized in the 'url.php' script. This may allow a context-dependent attacker to inject arbitrary content.

                                            Binary data 9118.prm