Lucene search

GitHub Advisory DatabaseGHSA-F9HX-5JQ4-FGJM

HistoryMay 14, 2022 - 1:05 a.m.

phpMyAdmin CSRF Vulnerability

2022-05-1401:05:59

CWE-352

GitHub Advisory Database

github.com

phpmyadmin

csrf

vulnerability

versions 4.7.x

database operations

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.744

Percentile

98.2%

JSON

phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange4.7–4.7.7

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/

github.com/advisories/GHSA-f9hx-5jq4-fgjm

nvd.nist.gov/vuln/detail/CVE-2017-1000499

web.archive.org/web/20201208204518/www.securitytracker.com/id/1040163

www.exploit-db.com/exploits/45284/

www.phpmyadmin.net/security/PMASA-2017-9/

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.744

Percentile

98.2%

JSON

Related for GHSA-F9HX-5JQ4-FGJM