12 matches found
QIWI: gifts.flocktory.com/phpmyadmin is vulnerable csrf
Summary: Hello Team, I found that the PHPMyAdmin login panel is publicly accessible on https://gifts.flocktory.com and it is using the 4.6.6 version of PHPMyAdmin, which is vulnerable to several CVEs...
phpMyAdmin <= 4.9.1 Cross-Site Request Forgery Vulnerability
A cross-site request forgery XSRF vulnerability exists in the Setup page of phpMyAdmin. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page, allowing the attacker to delete any server in the setup page by creating a fake hyperlink containing the...
Fedora 31 : phpMyAdmin (2019-644b438f51)
Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
Fedora 29 : phpMyAdmin (2019-3b5a7abe17)
Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
Fedora 30 : phpMyAdmin (2019-6404181bf9)
Upstream announcement : Welcome to phpMyAdmin 4.9.1, a bugfix release. This is a regularly-schedule bugfix release that also includes some security hardening measures. We wish to point out that this also includes a routine fix for an issue that has been reported as CVE-2019-12922. The fix for thi...
openSUSE Security Update : phpMyAdmin (openSUSE-2019-2211)
This update for phpMyAdmin to 4.9.1 fixes the following issues : Security issue fixed : - CVE-2019-12922: Fixed CSRF issue that allowed deletion of any server in the Setup page. boo1150914 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...
openSUSE: Security Advisory for phpMyAdmin (openSUSE-SU-2019:2211-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for phpMyAdmin (moderate)
openSUSE Security Update: Security update for phpMyAdmin Announcement ID: openSUSE-SU-2019:2211-1 Rating: moderate References: 1150914 Cross-References: CVE-2019-12922 Affected Products: openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15-SP1 openSUSE Backports SLE-15 SUSE Package Hub...
Warning: Researcher Drops phpMyAdmin Zero-Day Affecting All Versions
A cybersecurity researcher recently published details and proof-of-concept for an unpatched zero-day vulnerability in phpMyAdmin—one of the most popular applications for managing the MySQL and MariaDB databases. phpMyAdmin is a free and open source administration tool for MySQL and MariaDB that's...
CVE-2019-12922
The CVE-2019-12922 entry concerns a CSRF flaw in phpMyAdmin 4.9.0.1 that allows an attacker to cause deletion of a server from the Setup page by tricking a victim into visiting a crafted page. The root cause is insufficient validation of the HTTP request origin, enabling unauthorized actions on b...
phpMyAdmin 4.9.0.1 Cross Site Request Forgery
============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922 ============================================= I...
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery ============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 CVSS Base Score - CVE-ID: CVE-2019-12922...