CSRF Vulnerability in phpMyAdmin Affects Server Deletion
CVE-2019-12922

6.5MEDIUM

Key Information:

Vendor
PHPmyadmin
Status
PHPmyadmin
Vendor
CVE Published:
13 September 2019

Summary

A Cross-Site Request Forgery (CSRF) vulnerability exists in phpMyAdmin version 4.9.0.1 that enables unauthorized users to delete any server from the Setup page. This security flaw can be exploited if a user is tricked into making an unintended request while being authenticated in phpMyAdmin. Effective security measures, such as implementing anti-CSRF tokens, are crucial to protect against such attacks and ensure the integrity of server configurations.

References

http://seclists.org/fulldisclosure/2019/Sep/23
x_refsource_MISC
http://packetstormsecurity.com/files/154483/phpMyAdmin-4....
x_refsource_MISC
https://www.exploit-db.com/exploits/47385
exploitx_refsource_EXPLOIT-DB

EPSS Score

80% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.