Arch Linux 201510-23: Low Severity phpMyAdmin Content Spoofing Incident

Arch Linux Security Advisory ASA-201510-23
=========================================
Severity: Low
Date    : 2015-10-30
CVE-ID  : CVE-2015-7873
Package : phpmyadmin
Type    : content spoofing
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
======
The package phpmyadmin before version 4.5.1-1 is vulnerable to content
spoofing.

Resolution
=========
Upgrade to 4.5.1-1.

# pacman -Syu "phpmyadmin>=4.5.1-1"

The problem has been fixed upstream in version 4.5.1.

Workaround
=========
None.

Description
==========
This vulnerability allows an attacker to perform a content spoofing
attack using the phpMyAdmin's redirection mechanism to external sites.
This vulnerability is not considered to be critical since the spoofed
content is escaped and no HTML injection is possible.

Impact
=====
A remote attacker is able do perform content spoofing using the
redirection mechanism to external sites.

References
=========
https://www.cve.org/CVERecord?id=CVE-2015-7873
https://www.phpmyadmin.net/security/PMASA-2015-5/