[3.2] phpmyadmin: Content spoofing vulnerability when redirecting user to an external site (CVE-2015-7873)
This vulnerability allows an attacker to perform a content spoofing attack using phpMyAdmin's redirection mechanism to external sites.
Affected Versions:
Versions 4.4.x (prior to 4.4.15.1) and 4.5.x (prior to 4.5.1) are affected.
Solution:
Upgrade to phpMyAdmin 4.4.15.1 or newer, or 4.5.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2015-5/
Patches:
The following commits have been made on the 4.4 branch to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/2b31866fe0b30b867aaf5b5fedb11adb354e037f
The following commits have been made on the 4.5 branch to fix this issue:
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
(from redmine: issue id 4804, created on 2015-10-29, closed on 2015-12-02)
- Relations:
- parent #4803 (closed)
- Changesets:
- Revision 3f87a862 by Natanael Copa on 2015-12-02T09:55:55Z:
main/phpmyadmin: security upgrade to 4.4.15.1 (CVE-2015-7873)
fixes #4804