CVE-2015-7873 — Improper Input Validation in Phpmyadmin

CWE-254 CWE-20 — Improper Input Validation CWE-79 — Cross-site Scripting7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 29.79%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedOct 28

Latest updateMay 17

Description

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.5.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.4.0 — 4.4.15.1+1

▶Debianphpmyadmin/phpmyadmin< 4:4.5.1-1+3

▶NVDphpmyadmin/phpmyadmin23 versions+22

Patches

Patch: www.phpmyadmin.net ↗Patch: www.phpmyadmin.net ↗

🔴Vulnerability Details

GHSA

phpMyAdmin allows remote attackers to spoof content via the url parameter↗2022-05-17

▶

OSV

phpMyAdmin allows remote attackers to spoof content via the url parameter↗2022-05-17

▶

OSV

CVE-2015-7873: The redirection feature in url↗2015-10-28

▶

📋Vendor Advisories

Debian

CVE-2015-7873: phpmyadmin - The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x...↗2015

▶

Red Hat

phpMyAdmin: Content spoofing on url.php (PMASA-2015-5)↗

▶

💬Community

Bugzilla

CVE-2015-7873 phpMyAdmin: Content spoofing on url.php (PMASA-2015-5)↗2015-10-25

▶