CVE-2015-7873

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

Published Bycve@mitre.org

Published DateOct 28, 2015, 10:59

Affected Versions(2)

phpmyadmin/phpmyadmin(Packagist)

Introduced4.4.0

Fixed4.4.15.1

LimitN/A

phpmyadmin/phpmyadmin(Packagist)

Introduced4.5.0

Fixed4.5.1

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
phpmyadmin/phpmyadmin(Packagist)	4.4.0	4.4.15.1	N/A
phpmyadmin/phpmyadmin(Packagist)	4.5.0	4.5.1	N/A

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE

References

Weakness Type (CWE):CWE-254

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:N/I:P/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

NONE

Integrity (I)

PARTIAL

Availability (A)

NONE