Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2019-12922Cross-Site Request Forgery in Phpmyadmin

CWE-352Cross-Site Request Forgery10 documents7 sources
Severity
6.5MEDIUMNVD
OSV5.0
EPSS
42.3%
top 2.54%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
PhpmyadminDebian PhpmyadminFedoraproject Fedora
Timeline
PublishedSep 13
Latest updateMay 24

Description

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

debiandebian/phpmyadmin< phpmyadmin 4:4.9.1+dfsg1-2 (bookworm)
Packagistphpmyadmin/phpmyadmin< 4.9.1
Debianphpmyadmin/phpmyadmin< 4:4.9.1+dfsg1-2+3
Ubuntuphpmyadmin/phpmyadmin< 4:4.0.10-1ubuntu0.1+esm4+3

Also affects: Fedora 29, 30, 31

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

4
GHSA
phpMyAdmin Cross-Site Request Forgery (CSRF)2022-05-24
OSV
phpMyAdmin Cross-Site Request Forgery (CSRF)2022-05-24
OSV
phpmyadmin vulnerabilities2021-03-16
OSV
CVE-2019-12922: A CSRF issue in phpMyAdmin 42019-09-13

💥Exploits & PoCs

1
Exploit-DB
phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery2019-09-13

📋Vendor Advisories

2
Ubuntu
phpMyAdmin vulnerabilities2021-03-16
Debian
CVE-2019-12922: phpmyadmin - A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup pa...2019

💬Community

2
Bugzilla
CVE-2019-12922 phpMyAdmin: a CSRF in the setup page allows deletion of server [fedora-all]2019-09-18
Bugzilla
CVE-2019-12922 phpMyAdmin: a CSRF in the setup page allows deletion of server2019-09-18