phpMyAdmin Cross-Site Request Forgery Vulnerability (CVE-2019-12922) Threat Alert

October 8, 2019 | Adeline Zhang
  1. Vulnerability Description

phpMyAdmin is a free, open-source tool for administering MySQL and MariaDB. It is widely used to manage databases of websites created with WordPress, Joomla, and other content management platforms.

Recently, security researcher Manuel Garcia Cardenas disclosed a cross-site request forgery (CSRF) vulnerability (CVE-2019-12922) in phpMyAdmin. An attacker can exploit this vulnerability to trick an authenticated user into performing malicious operations. Specifically, the attacker first crafts a malicious URL and sends it to the targeted web administrator, who is logged in to the phpMyAdmin panel in the same browser. If the administrator clicks the link, the request embedded in the URL is executed without their knowledge, which can delete any server configured on the setup page of the phpMyAdmin panel on the victim’s server.

Reference:

https://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html

  2. Scope of Impact

Affected Versions

  • phpMyAdmin <= 4.9.0.1

Unaffected Versions

None

  3. Mitigation

    • Workarounds

The phpMyAdmin maintainers have not yet patched the vulnerability. Users can address it by validating the token variable in each call, that is, by rejecting any request that does not carry a valid token before any change is made.
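As an added example, not part of the original advisory and not phpMyAdmin’s own code, the following PHP sketch shows the workaround pattern described above: a per-session token that every state-changing call must present and that the server verifies with a constant-time comparison before acting. The function names, request layout and sample data are assumptions.

```php
<?php
// Added illustration of the workaround above: every state-changing request must
// carry a token bound to the session and be verified before acting.
// Function names and request layout are hypothetical, not phpMyAdmin's own code.

// Issue one random token per session and keep it server-side.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit token
    }
    return $session['csrf_token'];
}

// True only if the request carries the session's token; hash_equals gives a
// constant-time comparison so the check leaks nothing via timing.
function csrf_token_valid(array $session, array $request): bool
{
    $expected = $session['csrf_token'] ?? '';
    $given    = $request['token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Hypothetical handler for the "delete configured server" action. It refuses
// GET (a bare link) and any request without a valid token before changing state.
function handle_delete_server(string $method, array $session, array $request, array &$servers): string
{
    if ($method !== 'POST') {
        return 'refused: state change requires POST';
    }
    if (!csrf_token_valid($session, $request)) {
        return 'refused: missing or invalid token';
    }
    $id = (int) ($request['server_id'] ?? -1);
    if (!isset($servers[$id])) {
        return 'refused: unknown server id';
    }
    unset($servers[$id]);
    return "deleted server $id";
}

// Constructed demo: one session, two configured servers, three requests.
$session = [];
$token   = csrf_issue_token($session);
$servers = [1 => 'db-primary', 2 => 'db-replica'];
echo handle_delete_server('GET', $session, ['server_id' => 1], $servers), "\n";          // crafted link
echo handle_delete_server('POST', $session, ['server_id' => 1], $servers), "\n";         // cross-site POST, no token
echo handle_delete_server('POST', $session, ['server_id' => 1, 'token' => $token], $servers), "\n"; // legitimate form
```

Only the third request changes state; a forged request cannot include the token because the attacker’s page has no way to read it from the victim’s session.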

Until the maintainers release a patch, affected users are strongly advised not to click suspicious links. They should also watch for any announcement of an official update so that they can upgrade their installations as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide multi-layered, unified and dynamic protection against advanced cyber attacks.

NSFOCUS works with Fortune Global 500 companies, including four of the world’s five largest financial institutions, organizations in the insurance, retail, healthcare and critical infrastructure industries, as well as government agencies. NSFOCUS has technology and channel partners in more than 60 countries and is a member of both the Microsoft Active Protections Program (MAPP) and the Cloud Security Alliance (CSA).

A wholly owned subsidiary of NSFOCUS Information Technology Co. Ltd., the company has operations in the Americas, Europe, the Middle East and Asia Pacific.