Lucene search
K

phpMyAdmin <4.9.0 - Cross-Site Request Forgery

🗓️ 16 Jul 2021 17:57:01Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 91 Views

phpMyAdmin <4.9.0 - Cross-Site Request Forgery vulnerability. Allows unauthorized action

Related
Refs
Code
ReporterTitlePublishedViews
Family
0day.today
phpMyAdmin 4.8 - Cross-Site Request Forgery Vulnerability
11 Jun 201900:00
zdt
FreeBSD
phpMyAdmin -- CSRF vulnerability in login form
4 Jun 201900:00
freebsd
AlpineLinux
CVE-2019-12616
5 Jun 201904:27
alpinelinux
Check Point Advisories
phpMyAdmin Cross-Site Request Forgery (CVE-2019-12616)
19 Jun 201900:00
checkpoint_advisories
CVE
CVE-2019-12616
5 Jun 201904:27
cve
Cvelist
CVE-2019-12616
5 Jun 201904:27
cvelist
Debian
[SECURITY] [DLA 1821-1] phpmyadmin security update
17 Jun 201920:41
debian
Debian CVE
CVE-2019-12616
5 Jun 201904:27
debiancve
Tenable Nessus
Debian DLA-1821-1 : phpmyadmin security update
18 Jun 201900:00
nessus
Tenable Nessus
Fedora 30 : php-phpmyadmin-sql-parser / phpMyAdmin (2019-13d2ba0aed)
14 Jun 201900:00
nessus
Rows per page
id: CVE-2019-12616

info:
  name: phpMyAdmin <4.9.0 - Cross-Site Request Forgery
  author: Mohammedsaneem,philippedelteil,daffainfo
  severity: medium
  description: phpMyAdmin before 4.9.0 is susceptible to cross-site request forgery. An attacker can utilize a broken <img> tag which points at the victim's phpMyAdmin database, thus leading to potential delivery of a payload, such as a specific INSERT or DELETE statement.
  impact: |
    An attacker can trick an authenticated user into performing unintended actions on the phpMyAdmin application.
  remediation: |
    Upgrade phpMyAdmin to version 4.9.0 or later to mitigate the CSRF vulnerability.
  reference:
    - https://www.phpmyadmin.net/security/PMASA-2019-4/
    - https://www.exploit-db.com/exploits/46982
    - https://nvd.nist.gov/vuln/detail/CVE-2019-12616
    - http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html
    - http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
    cvss-score: 6.5
    cve-id: CVE-2019-12616
    cwe-id: CWE-352
    epss-score: 0.01696
    epss-percentile: 0.87724
    cpe: cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: phpmyadmin
    product: phpmyadmin
    shodan-query:
      - http.title:"phpmyadmin"
      - http.component:"phpmyadmin"
      - cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"
    fofa-query:
      - title="phpmyadmin"
      - body="pma_servername" && body="4.8.4"
    google-query: intitle:"phpmyadmin"
    hunter-query: app.name="phpmyadmin"&&web.body="pma_servername"&&web.body="4.8.4"
  tags: cve2019,cve,csrf,edb,phpmyadmin

http:
  - method: GET
    path:
      - "{{BaseURL}}/phpmyadmin/"

    matchers-condition: and
    matchers:
      - type: dsl
        dsl:
          - compare_versions(version, '< 4.9.0')

      - type: word
        words:
          - "phpmyadmin.net"
          - "phpMyAdmin"
        condition: or

      - type: status
        status:
          - 200
          - 401 # password protected

    extractors:
      - type: regex
        name: version
        group: 1
        regex:
          - '\?v=([0-9.]+)'
        internal: true

      - type: regex
        group: 1
        regex:
          - '\?v=([0-9.]+)'
# digest: 4b0a00483046022100f853d2dd0ea4cab7aead99ca58f1f56e4e1d7cfcfca88f15e059977db1ab99610221009302efaf4b299fb928e7082fc13feb5384d3980bbc1c0de911d8b036c160f45a:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Jun 2024 16:02Current
7.6High risk
Vulners AI Score7.6
CVSS 24.3
CVSS 36.5
EPSS0.19184
91