Vendor: phpMyAdmin
By: Manuel Garcia Cardenas
CVSS: 6.5 (MEDIUM)
CWE: 352 (Cross-Site Request Forgery)
Product Name: phpMyAdmin
Affected Version From: phpMyAdmin <= 4.9.0.1
Affected Version To: phpMyAdmin <= 4.9.0.1
Patch Exists: YES
Related CWE: CVE-2019-12922
CPE: a:phpmyadmin:phpmyadmin:4.9.0.1
Other Scripts: N/A
Platforms Tested: None
2019

phpMyAdmin 4.9.0.1 – Cross-Site Request Forgery

A Cross-Site Request Forgery vulnerability has been detected in phpMyAdmin. It allows an attacker to trigger a CSRF attack against a phpMyAdmin user, deleting any server in the Setup page.

Mitigation:

Validate the token variable in each call, as is already done in other phpMyAdmin requests.
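
One way to apply this mitigation to a delete action, as an added example (not phpMyAdmin's code or its actual fix). The function names, the `token` and `id` field names, the session layout and the sample servers are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create one random token per session and reuse it.
function csrf_token(array &$session): string
{
    if (empty($session['token'])) {
        $session['token'] = bin2hex(random_bytes(32));
    }
    return $session['token'];
}

// Hypothetical guard: a state-changing call is accepted only as a POST that
// carries the session's token. A request forged from another site does not
// know the token, so it is rejected before any state changes.
function csrf_check(string $method, array $post, array $session): bool
{
    if ($method !== 'POST') {
        return false;
    }
    $sent = $post['token'] ?? '';
    $expected = $session['token'] ?? '';
    // Constant-time comparison; the is_string() check rejects array input.
    return is_string($sent) && $expected !== '' && hash_equals($expected, $sent);
}

// Hypothetical setup-page action: remove a server entry only after the guard passes.
function delete_server(string $method, array $post, array &$session, array &$servers): int
{
    if (!csrf_check($method, $post, $session)) {
        return 403; // rejected, server list untouched
    }
    $id = (int) ($post['id'] ?? 0);
    if (!isset($servers[$id])) {
        return 404;
    }
    unset($servers[$id]);
    return 200;
}

// Constructed sample data, run from the CLI.
$session = [];
$servers = [1 => 'db-primary', 2 => 'db-replica'];
$token = csrf_token($session);

var_dump(delete_server('GET', ['id' => '1'], $session, $servers));
var_dump(delete_server('POST', ['id' => '1', 'token' => 'wrong'], $session, $servers));
var_dump(delete_server('POST', ['id' => '1', 'token' => $token], $session, $servers));
var_dump(array_keys($servers));
```

Only the third call, which presents the session's token over POST, removes the entry; the first two return 403 and leave the list unchanged.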

Exploit-DB raw data: