VID 210123
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description According to its version number, the phpMyAdmin package on the remote host has a redirect vulnerability. This version of phpMyAdmin fails to validate input passed to the 'url' parameter in the 'url.php' script before redirecting to a specified location. An attacker may be able to exploit this issue to conduct phishing attacks by tricking users into visiting malicious websites.

* Note: This check relies solely on the version number of the remote phpMyAdmin software to assess this vulnerability, so the result might be a false positive.

* References:
http://www.phpmyadmin.net/home_page/security/PMASA-2011-4.php

* Platforms Affected:
phpMyAdmin prior to 3.4.1
Any operating system Any version
Recommendation Upgrade to the latest version of phpMyAdmin (3.4.1 or later), available from the phpMyAdmin Download Web page at http://www.phpmyadmin.net/home_page/downloads.php
Related URL (CVE)
Related URL 47943 (SecurityFocus)
Related URL (ISS)