Summary
This host is running phpMyAdmin and is prone to a URI redirection vulnerability.
Impact
Successful exploitation will allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks.
Impact Level: Application
Solution
Upgrade to phpMyAdmin version 3.4.1 or later.
For updates, refer to http://www.phpmyadmin.net/home_page/downloads.php
Insight
The flaw is due to improper validation of user-supplied input to the 'url' parameter in url.php, which allows attackers to redirect a user to an arbitrary website.
Affected
phpMyAdmin version 3.4.0
Severity
Classification
- CVE: CVE-2011-1941
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N