Moderate severityNVD Advisory· Published Sep 13, 2019· Updated Aug 4, 2024
CVE-2019-12922
CVE-2019-12922
Description
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
phpmyadmin/phpmyadminPackagist | < 4.9.1 | 4.9.1 |
Affected products
8- phpMyAdmin/phpMyAdmindescription
- ghsa-coords7 versionspkg:composer/phpmyadmin/phpmyadminpkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.0pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/phpMyAdmin&distro=openSUSE%20Tumbleweedpkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2012pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015pkg:rpm/suse/phpMyAdmin&distro=SUSE%20Package%20Hub%2015%20SP1
< 4.9.1+ 6 more
- (no CPE)range: < 4.9.1
- (no CPE)range: < 4.9.1-bp151.3.6.1
- (no CPE)range: < 4.9.1-bp151.3.6.1
- (no CPE)range: < 5.1.1-1.2
- (no CPE)range: < 4.9.1-bp151.3.6.1
- (no CPE)range: < 4.9.1-bp151.3.6.1
- (no CPE)range: < 4.9.1-bp151.3.6.1
Patches
Vulnerability mechanics
References
15- www.exploit-db.com/exploits/47385ghsaexploitx_refsource_EXPLOIT-DBWEB
- lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.htmlghsavendor-advisoryx_refsource_SUSEWEB
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-4c9q-64gq-xhx4ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-12922ghsaADVISORY
- packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.htmlghsax_refsource_MISCWEB
- seclists.org/fulldisclosure/2019/Sep/23ghsax_refsource_MISCWEB
- github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161ghsax_refsource_MISCWEB
- github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13bghsax_refsource_MISCWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KAghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMNghsaWEB
News mentions
0No linked articles in our index yet.