CVE-2019-12616

An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type

GIT

Repo

https://github.com/phpmyadmin/phpmyadmin

Events

Introduced

Fixed

4ab33481be875d188d5e5c0860dd1499cd92e9d3

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.9.0"
        }
    ]
}

Affected versions

Other

RELEASE_2_2_0

RELEASE_2_2_1

RELEASE_2_2_2

RELEASE_2_2_3

RELEASE_2_2_4

RELEASE_2_2_5

RELEASE_2_2_6

RELEASE_2_2_7PL1

RELEASE_2_3_0

RELEASE_2_3_1

RELEASE_2_3_2

RELEASE_2_3_3PL1

RELEASE_2_4_0

RELEASE_2_5_0

RELEASE_2_5_1

RELEASE_2_5_2

RELEASE_2_5_4

RELEASE_2_5_5PL1

RELEASE_2_5_6

RELEASE_2_5_7PL1

RELEASE_2_6_1PL3

RELEASE_2_6_2PL1

RELEASE_2_6_3PL1

RELEASE_2_6_4PL4

RELEASE_2_7_0PL2

RELEASE_2_8_0_4

RELEASE_2_8_1

RELEASE_2_8_2_4

RELEASE_2_9_0

RELEASE_3_4_0RC2

RELEASE_3_5_0ALPHA1

RELEASE_4_0_0ALPHA2

RELEASE_4_0_0BETA3

RELEASE_4_0_0RC1

RELEASE_4_1_0ALPHA1

RELEASE_4_1_0BETA1

RELEASE_4_1_0BETA2

RELEASE_4_2_0ALPHA2

RELEASE_4_2_0BETA1

RELEASE_4_8_0ALPHA1

RELEASE_4_8_0RC1

RELEASE_4_8_1

RELEASE_4_8_2

RELEASE_4_8_3

RELEASE_4_8_4

RELEASE_4_8_5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12616.json"