Description
The Transformation implementation in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not use the no-referrer Content Security Policy (CSP) protection mechanism, which makes it easier for remote attackers to conduct CSRF attacks by reading an authentication token in a Referer header, related to libraries/Header.php.
Remediation
References
Related Vulnerabilities
MySQL CVE-2020-2577 Vulnerability (CVE-2020-2577)
WordPress Plugin Countdown and CountUp, WooCommerce Sales Timer Cross-Site Request Forgery (1.5.7)
phpBB Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-16108)
WordPress Plugin Stylish Price List Security Bypass (6.8.14)
Joomla Deserialization of Untrusted Data Vulnerability (CVE-2019-11831)