CVE-2019-12616

Published: 05/06/2019 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

An issue exists in phpMyAdmin prior to 4.9.0. A vulnerability was found that allows a malicious user to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.

Vulnerable Product

phpmyadmin phpmyadmin

Vendor Advisories

Debian Bug report logs - #930017 phpmyadmin: CVE-2019-12616: PMASA-2019-4 Package: src:phpmyadmin; Maintainer for src:phpmyadmin is Thijs Kinkhorst <thijs@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 5 Jun 2019 09:30:02 UTC Severity: grave Tags: security, upstream Found in versions ...

Exploits

# Exploit Title: Cross Site Request Forgery (CSRF) # Date: 11 June 2019 # Exploit Author: Riemann # Vendor Homepage: www.phpmyadmin.net/ # Software Link: www.phpmyadmin.net/downloads/ # Version: 4.8 # Tested on: UBUNTU 16.04 LTS - Installed Docker image - docker pull phpmyadmin/phpmyadmin:4.8 # CVE : 2019-12616 # Description # An i ...
phpMyAdmin version 4.8 suffers from a cross site request forgery vulnerability ...

Github Repositories

This project is a bash client to use HackerOne's API.

HackerOneAPIClient. The main idea of this project is to send reports automatically (or programmatically, some day automagically) to HackerOne programs. Configuration: Setup your HackerOne username and APIkey into the config.txt file. Get your API Key here. Create a dummy project here (I recommend you to also create another h1 account, otherwise you might have too many repo