CVE-2019-25453

Name of the Vulnerable Software and Affected Versions phpMoAdmin version 1.1.5

Description The software contains a reflected cross-site scripting issue that allows attackers to inject malicious scripts. Unauthenticated attackers can manipulate the newdb parameter in the moadmin.php file to inject JavaScript payloads. Attackers can create URLs with these payloads, causing arbitrary code execution in users' browsers when they visit the malicious link. The vulnerable parameter is newdb within the ''/moadmin.php'' endpoint.

Recommendations Update phpMoAdmin to a newer version that addresses this issue. As a temporary workaround, sanitize the newdb parameter in the ''moadmin.php'' file to prevent the injection of malicious scripts.