Lucene search

GitHub Advisory DatabaseGHSA-4C9Q-64GQ-XHX4

HistoryMay 24, 2022 - 10:00 p.m.

phpMyAdmin Cross-Site Request Forgery (CSRF)

2022-05-2422:00:34

CWE-352

GitHub Advisory Database

github.com

phpmyadmin

csrf

vulnerability

setup page

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.906

Percentile

98.9%

JSON

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Affected configurations

Vulners

Node

phpmyadminphpmyadminRange≤4.9.0.1

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html

lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html

packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

seclists.org/fulldisclosure/2019/Sep/23

github.com/advisories/GHSA-4c9q-64gq-xhx4

github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161

github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b

lists.fedoraproject.org/archives/list/[email protected]/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA

lists.fedoraproject.org/archives/list/[email protected]/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6

lists.fedoraproject.org/archives/list/[email protected]/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN

nvd.nist.gov/vuln/detail/CVE-2019-12922

www.exploit-db.com/exploits/47385

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

7.1

Confidence

Low

EPSS

0.906

Percentile

98.9%

JSON

Related for GHSA-4C9Q-64GQ-XHX4