Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2019-12616 — Cross-Site Request Forgery in Phpmyadmin
Severity
6.5MEDIUMNVD
OSV5.0
EPSS
55.1%
top 1.94%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 5
Latest updateMay 24
Description
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages5 packages
Patches
🔴Vulnerability Details
5💥Exploits & PoCs
1📋Vendor Advisories
3💬Community
3Bugzilla▶
CVE-2019-12616 phpmyadmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim↗2019-06-05
Bugzilla▶
CVE-2019-12616 phpMyAdmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim [fedora-all]↗2019-06-05
Bugzilla▶
CVE-2019-12616 phpMyAdmin: broken tag provided by attacker and pointing at the victim's phpMyAdmin database can cause CSRF through the victim [epel-all]↗2019-06-05