CSRF in phpPgAdmin

Published: 2020-02-07 | Updated: 2020-11-07
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2019-10784
Exploitation vector Network
Public exploit N/A
Vulnerable software
Web applications / Other software

Vendor phpPgAdmin Development Team

Security Bulletin

This security bulletin contains information about 1 vulnerabilities.

Updated: 07.11.2020

Marked vulnerability as patched.

1) Cross-site request forgery

EUVDB-ID: #VU25042

Risk: Medium


CVE-ID: CVE-2019-10784

CWE-ID: CWE-352 - Cross-Site Request Forgery (CSRF)

Exploit availability: No


The vulnerability allows a remote attacker to perform cross-site request forgery attacks.

The vulnerability exists due to insufficient validation of the HTTP request origin. A remote attacker can trick the victim to visit a specially crafted web page and perform arbitrary actions on behalf of the victim on the vulnerable website, such as be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.


Install update from vendor's website.

Vulnerable software versions

phpPgAdmin: 0.5.0 - 7.12.1

CPE2.3 External links


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?