[arch-security] [ASA-201510-23] phpmyadmin: content spoofing
anthraxx at archlinux.org
Fri Oct 30 01:49:12 UTC 2015
Arch Linux Security Advisory ASA-201510-23
Date : 2015-10-30
CVE-ID : CVE-2015-7873
Package : phpmyadmin
Type : content spoofing
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package phpmyadmin before version 4.5.1-1 is vulnerable to content
Upgrade to 4.5.1-1.
# pacman -Syu "phpmyadmin>=4.5.1-1"
The problem has been fixed upstream in version 4.5.1.
This vulnerability allows an attacker to perform a content spoofing
attack using phpMyAdmin's redirection mechanism to external sites.
This vulnerability is not considered to be critical since the spoofed
content is escaped and no HTML injection is possible.
A remote attacker is able to perform content spoofing using the
redirection mechanism to external sites.