The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.4.x prior to 4.4.15.1 or 4.5.x prior to 4.5.1. It is, therefore, affected by a content spoofing vulnerability.

  - The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows     remote attackers to spoof content via the url parameter. (CVE-2015-7873)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

phpMyAdmin 4.5.1.0 (2015-10-23) =============================== - Invalid argument supplied for foreach() - array_key_exists() expects parameter 2 to be array - Notice Undefined index: drop_database - Server variable edition in ANSI_QUOTES sql_mode: losing current value
- Propose table structure broken - phpMyAdmin suggests upgrading to newer version not usable on that system - 'PMA_Microhistory' is undefined - Incorrect definition for getTablesWhenOpen() - Error when creating new user on MariaDB 10.0.21 - Notice on htmlspecialchars() - Notice in Structure page of views - AUTO_INCREMENT always exported when IF NOT EXISTS is on - Some partitions are missing in copied table
- Notice of undefined variable when performing SHOW CREATE - Error exporting sql query results with table alias - SQL editing window does not recognise 'OUTER' keyword in 'LEFT OUTER JOIN' - 'NOT IN' clause not recognized (MySQL 5.6 and 5.7) - Yellow star does not change in database Structure after add/remove from favorites - Invalid SQL in table definition when exporting table - Foreign key to other database's tables fails - Bug while exporting results when a joined table field name is in SELECT query - Strange behavior on table rename
- Rename table does not result in refresh in left panel - Missing arguments for PMA_Table::generateAlter() - Notices about undefined indexes on structure pages of information_schema tables

  - Change minimum PHP version for Composer - Import parser     and backslash - 'Visualize GIS data' seems to be broken
    - Confirm box on 'Reset slave' option - Fix cookies     clearing on version change - Cannot execute SQL with     subquery - Incorrect syntax creating a user using     mysql_native_password with MariaDB - Cannot use     third-party auth plugins

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Versions of phpMyAdmin 4.4.x prior to 4.4.15.1, or 4.5.x prior to 4.5.1 are unpatched for a flaw in the redirection mechanism that is triggered as input passed via the 'url' parameter is not properly sanitized in the 'url.php' script. This may allow a context-dependent attacker to inject arbitrary content.

phpMyAdmin was updated to fix one security issue.

This security issue was fixed :

  - CVE-2015-7873: The redirection feature in url.php in     phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1     allowed remote attackers to spoof content via the url     parameter (bsc#951960).

phpMyAdmin was updated to version 4.4.15.1 to fix one security issue.

This security issue was fixed :

  - CVE-2015-7873: The redirection feature in url.php in     phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1     allowed remote attackers to spoof content via the url     parameter (bsc#951960).

Several issues have been fixed in phpMyAdmin, the web administration tool for MySQL.

  - CVE-2014-8958 (Wheezy only)     Multiple cross-site scripting (XSS) vulnerabilities.

  - CVE-2014-9218 (Wheezy only)     Denial of service (resource consumption) via a long     password.

  - CVE-2015-2206     Risk of BREACH attack due to reflected parameter.

  - CVE-2015-3902     XSRF/CSRF vulnerability in phpMyAdmin setup.

  - CVE-2015-3903 (Jessie only)     Vulnerability allowing man-in-the-middle attack on API     call to GitHub.

  - CVE-2015-6830 (Jessie only)     Vulnerability that allows bypassing the reCaptcha test.

  - CVE-2015-7873 (Jessie only)     Content spoofing vulnerability when redirecting user to     an external site.

The phpMyAdmin development team reports :

This vulnerability allows an attacker to perform a content spoofing attack using the phpMyAdmin's redirection mechanism to external sites.

We consider this vulnerability to be non critical since the spoofed content is escaped and no HTML injection is possible.

ID	Name	Product	Family	Severity
144644	phpMyAdmin 4.4.0 < 4.4.15.1 / 4.5.0 < 4.5.1 Content Spoofing (PMASA-2015-5)	Nessus	CGI abuses	medium
89250	Fedora 21 : php-udan11-sql-parser-3.0.4-1.fc21 / phpMyAdmin-4.5.1-1.fc21 (2015-5c06260c4b)	Nessus	Fedora Local Security Checks	medium
89184	Fedora 23 : php-udan11-sql-parser-3.0.4-1.fc23 / phpMyAdmin-4.5.1-1.fc23 (2015-287c164df5)	Nessus	Fedora Local Security Checks	medium
89157	Fedora 22 : php-udan11-sql-parser-3.0.4-1.fc22 / phpMyAdmin-4.5.1-1.fc22 (2015-17908c56c1)	Nessus	Fedora Local Security Checks	medium
9118	phpMyAdmin 4.4.x < 4.4.15.1 / 4.5.x < 4.5.1 Content Spoofing Vulnerability (PMASA-2015-5)	Nessus Network Monitor	CGI	medium
86958	openSUSE Security Update : phpMyAdmin (openSUSE-2015-712)	Nessus	SuSE Local Security Checks	medium
86801	openSUSE Security Update : phpMyAdmin (openSUSE-2015-710)	Nessus	SuSE Local Security Checks	medium
86665	Debian DSA-3382-1 : phpmyadmin - security update	Nessus	Debian Local Security Checks	medium
86584	FreeBSD : phpMyAdmin -- Content spoofing vulnerability (08d11134-79c5-11e5-8987-6805ca0b3d42)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2015-7873

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium