| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | composer | >= 4.6, < 4.6.6 | 4.6.6 |
| phpmyadmin/phpmyadmin | composer | >= 4.4, < 4.4.15.10 | 4.4.15.10 |
| phpmyadmin/phpmyadmin | composer | >= 4.0, < 4.0.10.19 | 4.0.10.19 |

The vulnerability (CWE-601) involves improper validation of redirect URLs. phpMyAdmin's `PMA_sendHeaderLocation` is the primary function responsible for sending `Location` headers for redirects. The security patches explicitly modified this function across multiple branches (4.6/4.4/4.0) to add URL validation logic, as indicated by the commit hashes provided in PMASA-2017-1. Before the patch, this function processed attacker-controlled 'target' parameters without proper domain checks, making it the direct vulnerable entry point for open redirect exploitation.
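
The kind of domain check the paragraph above refers to can be sketched as follows. This is an added example, not phpMyAdmin's code or its actual patch; the function names `is_safe_redirect_target` and `resolve_redirect`, the fallback `/index.php`, and the host `pma.example.test` are assumptions made for illustration.

```php
<?php
// Added illustration, not phpMyAdmin source. Function names and the
// host pma.example.test are hypothetical.
function is_safe_redirect_target(string $target, array $allowedHosts): bool
{
    // Reject empty values, surrounding whitespace, control characters
    // (header injection) and backslashes, which some browsers treat as "/".
    if ($target === '' || $target !== trim($target)
        || preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return false;
    }
    // Protocol-relative URLs ("//evil.example/") leave the site.
    if (strncmp($target, '//', 2) === 0) {
        return false;
    }
    $parts = parse_url($target);
    if ($parts === false) {
        return false;
    }
    // No scheme and no host: a relative path on this site.
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        return true;
    }
    // Absolute URL: http(s) only, and compare the parsed host exactly.
    // "https://pma.example.test@evil.example/" parses to host evil.example.
    $scheme = strtolower($parts['scheme'] ?? '');
    $host   = strtolower($parts['host'] ?? '');
    return in_array($scheme, ['http', 'https'], true)
        && in_array($host, $allowedHosts, true);
}

// Fall back to a fixed local page instead of echoing a rejected target.
function resolve_redirect(string $target, array $allowedHosts): string
{
    return is_safe_redirect_target($target, $allowedHosts) ? $target : '/index.php';
}
// Constructed sample inputs.
$samples = [
    'index.php?db=test',
    'https://pma.example.test/sql.php',
    'https://evil.example/',
    '//evil.example/',
    'https://pma.example.test@evil.example/',
    "index.php\r\nSet-Cookie: x=1",
];
foreach ($samples as $s) {
    echo json_encode($s, JSON_UNESCAPED_SLASHES), ' => ',
        resolve_redirect($s, ['pma.example.test']), PHP_EOL;
}
```

Only the first two samples are returned unchanged; the other four resolve to the fallback `/index.php`.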