PT-2019-3742 · Phpmyadmin+4

Manuel García Cárdenas · Published 2019-05-18 · Updated 2024-06-15 · CVE-2019-12922

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

phpMyAdmin version 4.9.0.1

Description

A CSRF issue can be exploited by a remote attacker to delete any server on the Setup page. This allows for unauthorized actions on the database management system.

Recommendations

For phpMyAdmin version 4.9.0.1, consider restricting access to the Setup page as a temporary workaround until a patch is available. Additionally, ensure that all users of the system are aware of the potential for unauthorized server deletion to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF


Weakness Enumeration

Related identifiers

ALT-PU-2019-3177
ALT-PU-2020-3212
ALT-PU-2021-3657
BDU:2019-04000
CVE-2019-12922
GHSA-4C9Q-64GQ-XHX4
OPENSUSE-SU-2019:2211-1
OPENSUSE-SU-2019_2211-1
OPENSUSE-SU-2020:0056-1
OPENSUSE-SU-2024:11171-1
USN-4843-1

Affected products

Alt Linux
Linuxmint
Suse
Ubuntu
Phpmyadmin