CSRF in phpMyAdmin

Published: 2017-12-21 14:01:56 | Updated: 2018-01-02 11:59:26
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
CVE ID: N/A
CVSSv3: 5.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-352
Exploitation vector: Network
Public exploit: Not available
Vulnerable software: phpMyAdmin
Vulnerable software versions: phpMyAdmin 4.7.6, phpMyAdmin 4.7.5, phpMyAdmin 4.7.4
Vendor URL: phpMyAdmin

Security Advisory

1) Cross-site request forgery

Description

The vulnerability allows a remote attacker to perform a CSRF attack.

The vulnerability exists due to missing validation of the request origin when performing certain database operations, such as deleting records or altering/truncating data in tables. A remote attacker can create a specially crafted web page, trick the victim into opening it, and perform a CSRF attack.
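The class of flaw described above, shown as an added example that is not phpMyAdmin's code and not part of the advisory: a request check that trusts the session alone, beside one that also requires a session-bound token on every state-changing action. All function, action and parameter names are hypothetical, and the sample requests are constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list of actions that never change data.
const READ_ONLY_ACTIONS = ['browse', 'export'];

/** Create (once per session) and return the anti-CSRF token. */
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** Vulnerable pattern: the logged-in session alone authorises the action. */
function isAllowedVulnerable(array $session, string $method, array $params): bool
{
    return !empty($session['user']);
}

/** Hardened pattern: anything not read-only needs POST plus the session's token. */
function isAllowedHardened(array $session, string $method, array $params): bool
{
    if (empty($session['user'])) {
        return false;
    }
    if (in_array($params['action'] ?? null, READ_ONLY_ACTIONS, true)) {
        return true;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $params['token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed requests: a cross-site request rides on the victim's session
// but cannot know the token, so it arrives without one.
$session  = ['user' => 'admin'];
$token    = csrfToken($session);
$noToken  = ['action' => 'truncate_table', 'table' => 'orders'];
$withToken = $noToken + ['token' => $token];

printf("vulnerable check, no token: %s\n", var_export(isAllowedVulnerable($session, 'GET', $noToken), true));
printf("hardened check, no token:   %s\n", var_export(isAllowedHardened($session, 'POST', $noToken), true));
printf("hardened check, with token: %s\n", var_export(isAllowedHardened($session, 'POST', $withToken), true));
```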

Remediation

Update to version 4.7.7.

External links

https://www.phpmyadmin.net/security/PMASA-2017-9/
