Cross Site Request Forgery (CSRF)

phpmyadmin is vulnerable to cross site request forgery (CSRF). When an authenticated user is tricked into visiting a malicious web page, an attacker is able to perform unwanted actions on behalf of the victim such as rename databases, create new tables/routines, delete designer pages, add/delete users, update user passwords, kill SQL processes, etc.