GitHub Advisory DatabaseGHSA-F9HX-5JQ4-FGJMphpMyAdmin CSRF Vulnerability
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.744 High
EPSS
Percentile
98.1%
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| phpmyadmin/phpmyadmin | lt | 4.7.7 |
References
cyberworldmirror.com/vulnerability-phpmyadmin-lets-attacker-perform-drop-table-single-click/
github.com/advisories/GHSA-f9hx-5jq4-fgjm
nvd.nist.gov/vuln/detail/CVE-2017-1000499
web.archive.org/web/20201208204518/www.securitytracker.com/id/1040163
www.exploit-db.com/exploits/45284/
www.phpmyadmin.net/security/PMASA-2017-9/
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.744 High
EPSS
Percentile
98.1%