Vulnerability Description
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpmyadmin | Phpmyadmin | 4.4.0 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.ht
- http://www.debian.org/security/2015/dsa-3382
- http://www.securityfocus.com/bid/77299
- http://www.securitytracker.com/id/1034013
- https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b429
- https://www.phpmyadmin.net/security/PMASA-2015-5/PatchVendor Advisory
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171311.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-November/171326.h
- http://lists.fedoraproject.org/pipermail/package-announce/2015-October/169987.ht
- http://www.debian.org/security/2015/dsa-3382
- http://www.securityfocus.com/bid/77299
- http://www.securitytracker.com/id/1034013
- https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b429
FAQ
What is CVE-2015-7873?
CVE-2015-7873 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.
How severe is CVE-2015-7873?
CVE-2015-7873 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-7873?
Check the references section above for vendor advisories and patch information. Affected products include: Phpmyadmin Phpmyadmin.