FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSRF/CSRF vulnerability

Affected packages
4.7.0	<=	phpMyAdmin	<	4.7.7

Details

VuXML ID	63eb2b11-e802-11e7-a58c-6805ca0b3d42
Discovery	2017-12-23
Entry	2017-12-23

The phpMyAdmin team reports:

Description

By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Severity

We consider this vulnerability to be critical.

[source]

References

URL	https://www.phpmyadmin.net/security/PMASA-2017-9/