Moderate severityNVD Advisory· Published Jun 5, 2019· Updated Aug 4, 2024
CVE-2019-12616
CVE-2019-12616
Description
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | < 4.9.0 | 4.9.0 |
Affected products
8- phpMyAdmin/phpMyAdmindescription
- ghsa-coords7 versionspkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP1
< 4.9.0+ 6 more
- (no CPE)range: < 4.9.0
- (no CPE)range: < 4.9.0.1-bp150.31.1
- (no CPE)range: < 4.9.0.1-bp150.31.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.9.0.1-bp150.31.1
- (no CPE)range: < 4.9.0.1-bp150.31.1
- (no CPE)range: < 4.9.0.1-bp151.3.3.1
Patches
Vulnerability mechanics
References
14- lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.htmlmitrevendor-advisoryx_refsource_SUSE
- lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.htmlmitrevendor-advisoryx_refsource_SUSE
- github.com/advisories/GHSA-mfr9-pcm3-6mwcghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-12616ghsaADVISORY
- packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.htmlmitrex_refsource_MISC
- www.securityfocus.com/bid/108619mitrevdb-entryx_refsource_BID
- github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ecghsaWEB
- lists.debian.org/debian-lts-announce/2019/06/msg00009.htmlmitremailing-listx_refsource_MLIST
- packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.htmlghsaWEB
- www.phpmyadmin.net/security/mitrex_refsource_MISC
- www.phpmyadmin.net/security/PMASA-2019-4ghsaWEB
- www.phpmyadmin.net/security/PMASA-2019-4/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.