PT-2019-3742 · Phpmyadmin+4

Manuel García Cárdenas · Published 2019-05-18 · Updated 2024-06-15 · CVE-2019-12922

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

phpMyAdmin version 4.9.0.1

Description

A cross-site request forgery (CSRF) issue can be exploited by a remote attacker to delete any server on the Setup page. This allows unauthorized actions on the database management system.

Recommendations

For phpMyAdmin version 4.9.0.1, consider restricting access to the Setup page as a temporary workaround until a patch is available. Additionally, make sure that all users of the system are aware of the potential for unauthorized server deletion, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

CSRF

Weakness Enumeration

Related Identifiers

ALT-PU-2019-3177
ALT-PU-2020-3212
ALT-PU-2021-3657
BDU:2019-04000
CVE-2019-12922
GHSA-4C9Q-64GQ-XHX4
OPENSUSE-SU-2019:2211-1
OPENSUSE-SU-2019_2211-1
OPENSUSE-SU-2020:0056-1
OPENSUSE-SU-2024:11171-1
USN-4843-1

Affected Products

Alt Linux
Linuxmint
Suse
Ubuntu
Phpmyadmin