phpMyAdmin 4.4.x < 4.4.15.1 / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)

2016-03-02T00:00:00
ID 9118.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00

Description

Versions of phpMyAdmin 4.4.x prior to 4.4.15.1, or 4.5.x prior to 4.5.1 are unpatched for a flaw in the redirection mechanism that is triggered as input passed via the 'url' parameter is not properly sanitized in the 'url.php' script. This may allow a context-dependent attacker to inject arbitrary content.

                                        
                                            Binary data 9118.prm