Cross-site request forgery in phpMyAdmin - CVE-2017-1000499
Published: January 2, 2018 / Updated: June 17, 2021
Vulnerability identifier: #VU9819
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear
CVE-ID: CVE-2017-1000499
CWE-ID: CWE-352
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: phpMyAdmin
Affected software:
phpMyAdmin
phpMyAdmin
Detailed vulnerability description
The vulnerability allows a remote attacker to perform CSRF attack.
The vulnerability exists due to absent validation of the request origin when performing certain database operations, such as deleting records or altering/truncating data in tables. A remote attacker can create a specially crafted web page, trick the victim into opening it and perform CSRF attack.
The vulnerability exists due to absent validation of the request origin when performing certain database operations, such as deleting records or altering/truncating data in tables. A remote attacker can create a specially crafted web page, trick the victim into opening it and perform CSRF attack.
How to mitigate CVE-2017-1000499
Update to version 4.7.7.