An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Phpmyadmin |
|
No data.
No data.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DLA |
DLA-1821-1 | phpmyadmin security update |
 Github GHSA |
GHSA-mfr9-pcm3-6mwc | phpMyAdmin CSRF Vulnerability |
 Ubuntu USN |
USN-4639-1 | phpMyAdmin vulnerabilities |
| Ubuntu USN |
USN-4843-1 | phpMyAdmin vulnerabilities |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Sat, 12 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T23:24:39.192Z
Reserved: 2019-06-03T00:00:00
Link: CVE-2019-12616
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-06-05T05:29:00.510
Modified: 2024-11-21T04:23:11.647
Link: CVE-2019-12616
Redhat
No data.
OpenCVE Enrichment
No data.