Vulnerability Details CVE-2015-7873
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 66.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html
- http://www.debian.org/security/2015/dsa-3382
- http://www.securityfocus.com/bid/77299
- http://www.securitytracker.com/id/1034013
- https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
- https://www.phpmyadmin.net/security/PMASA-2015-5/
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.html
- http://www.debian.org/security/2015/dsa-3382
- http://www.securityfocus.com/bid/77299
- http://www.securitytracker.com/id/1034013
- https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
- https://www.phpmyadmin.net/security/PMASA-2015-5/
Products affected by CVE-2015-7873
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.1.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.10
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.11
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.12
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.13.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.14.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.15
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.2
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.3
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.4
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.5
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.6.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.7
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.8
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.4.9
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.1
-
cpe:2.3:a:phpmyadmin:phpmyadmin:4.5.0.2