CVE-2019-25454

Name of the Vulnerable Software and Affected Versions phpMoAdmin version 1.1.5

Description The software contains a stored cross-site scripting issue that allows attackers without authentication to inject malicious scripts. This is achieved by manipulating the collection parameter. Attackers can send GET requests to the ''moadmin.php'' endpoint with script payloads in the collection parameter during collection creation. This allows for the execution of arbitrary JavaScript in the browsers of users.

Recommendations Update phpMoAdmin to a newer version that addresses this issue. As a temporary workaround, sanitize the collection parameter to prevent script injection. Restrict access to the ''moadmin.php'' endpoint to authorized users only.