CVE-2019-25451

Name of the Vulnerable Software and Affected Versions PHPMoAdmin version 1.1.5

Description The software contains a cross-site request forgery flaw. This allows attackers to perform unauthorized database operations by creating malicious requests. Attackers can deceive authenticated users into submitting GET requests to the moadmin.php endpoint with parameters such as action, db, and collection. This enables the creation, deletion, or repair of databases and collections without the user's knowledge. The vulnerable parameter is action.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the moadmin.php endpoint to minimize the risk of exploitation.