CVE-2019-12616

Name
CVE-2019-12616
Description
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
NVD Severity
medium

References

Type URI
Mitigation https://www.phpmyadmin.net/security/PMASA-2019-4/
Vendor Advisory https://www.phpmyadmin.net/security/
BID http://www.securityfocus.com/bid/108619
MISC http://packetstormsecurity.com/files/153251/phpMyAdmin-4.8-Cross-Site-Request-Forgery.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/II4HC4QO6WUL2IRSQKCB66UBJOLLI5OV/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKJMYVXEDXGEGRO42T6H6VOEZJ65QPQ7/
MLIST https://lists.debian.org/debian-lts-announce/2019/06/msg00009.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00005.html
SUSE http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00017.html

Match rules

CPE URI                                          Source package  Min version  Max version
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*  phpmyadmin      >= None      < 4.9.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
phpmyadmin edge-community 4.9.0.1-r0 None fixed
phpmyadmin edge-community 4.8.5-r0 None possibly vulnerable
phpmyadmin edge-community 4.8.4-r0 None possibly vulnerable
phpmyadmin edge-community 4.8.2-r0 None possibly vulnerable
phpmyadmin edge-community 4.8.0.-r1 None possibly vulnerable
phpmyadmin edge-community 4.8.0-r1 None possibly vulnerable
phpmyadmin edge-community 4.6.5.2-r0 None possibly vulnerable
phpmyadmin 3.22-community 4.9.0.1-r0 None fixed
phpmyadmin 3.22-community 4.8.5-r0 None possibly vulnerable
phpmyadmin 3.22-community 4.8.4-r0 None possibly vulnerable
phpmyadmin 3.22-community 4.8.2-r0 None possibly vulnerable
phpmyadmin 3.22-community 4.8.0-r1 None possibly vulnerable
phpmyadmin 3.22-community 4.6.5.2-r0 None possibly vulnerable
phpmyadmin 3.21-community 4.9.0.1-r0 None fixed
phpmyadmin 3.20-community 4.9.0.1-r0 None fixed
phpmyadmin 3.19-community 4.9.0.1-r0 None fixed
phpmyadmin 3.18-community 4.9.0.1-r0 None fixed
phpmyadmin 3.17-community 4.9.0.1-r0 None fixed