CVE-2015-7873 — phpMyAdmin allows remote attackers to spoof content via the url parameter

Description

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter.

How to fix CVE-2015-7873

To remediate CVE-2015-7873, upgrade the affected package to a fixed version below.

Debian/phpmyadmin—upgrade to 4:4.5.1-1 or later
Packagist/phpmyadmin/phpmyadmin—upgrade to 4.4.15.1 or later

Is CVE-2015-7873 being exploited?

Low — EPSS is 0.6%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4:4.5.1-1
>= 4.4.0, < 4.4.15.1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 4.0	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

References (12)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2015-7873
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2015-7873
PATCHgithub.com/phpmyadmin/phpmyadmin
WEBlists.fedoraproject.org/pipermail/package-announce/2015-November/171311.html