FLAT-S08EK – Vulnerability | Fluid Attacks Database

Database

Description

phpMyAdmin Cross-Site Request Forgery (CSRF) A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
packagist	phpmyadmin/phpmyadmin	>=0 <4.9.1	4.9.1
debian 13	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 12	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2
debian 11	phpmyadmin	>=0 <4:4.9.1+dfsg1-2	4:4.9.1+dfsg1-2

Aliases

1. CVE-2019-129222. NVD-2019-129223. OSV-2019-129224. OSV-DEBIAN-2019-129225. GCVE-2019-129226. SECURITY-TRACKER-CVE-2019-12922

References

1. https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c041612. https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b3. https://lists.fedoraproject.org/archives/list/[email protected]/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA4. https://lists.fedoraproject.org/archives/list/[email protected]/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD65. https://lists.fedoraproject.org/archives/list/[email protected]/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN6. https://www.exploit-db.com/exploits/473857. http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html8. http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html9. http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html10. http://seclists.org/fulldisclosure/2019/Sep/23