Description
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL through dynamic variable evaluation and (2) unsetting arbitrary variables via the _REQUEST array, related to (a) libraries/common.lib.php, (b) session.inc.php, and (c) url_generating.lib.php. NOTE: the PHP unset function vector is covered by CVE-2006-3017.