Description

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.

Remediation

References

CVE-2019-12616

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2011-1183)

WebLogic Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-21347)

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7987)

WordPress Plugin WP Featured Post with thumbnail 'src' Parameter Cross-Site Scripting (3.0)

WordPress Plugin Woocommerce Products Price Bulk Edit Cross-Site Scripting (2.2.0)

Severity

Medium

Classification

CVE-2019-12616 CWE-352 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities