phpMyAdmin 4.9.0.1 Cross Site Request Forgery

2019.09.14
Credit: Manuel Garcia Cardenas
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2019-12922
CWE: CWE-352


CVSS Base Score: 5.8/10
Impact Subscore: 4.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: Partial

============================================= MGC ALERT 2019-003 - Original release date: June 13, 2019 - Last revised: September 13, 2019 - Discovered by: Manuel Garcia Cardenas - Severity: 4,3/10 (CVSS Base Score) - CVE-ID: CVE-2019-12922 ============================================= I. VULNERABILITY ------------------------- phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery II. BACKGROUND ------------------------- phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. III. DESCRIPTION ------------------------- Has been detected a Cross-Site Request Forgery in phpMyAdmin, that allows an attacker to trigger a CSRF attack against a phpMyAdmin user deleting any server in the Setup page. IV. PROOF OF CONCEPT ------------------------- Exploit CSRF - Deleting main server <p>Deleting Server 1</p> <img src=" http://server/phpmyadmin/setup/index.php?page=servers&mode=remove&id=1" style="display:none;" /> V. BUSINESS IMPACT ------------------------- The attacker can easily create a fake hyperlink containing the request that wants to execute on behalf the user,in this way making possible a CSRF attack due to the wrong use of HTTP method. VI. SYSTEMS AFFECTED ------------------------- phpMyAdmin <= 4.9.0.1 VII. SOLUTION ------------------------- Implement in each call the validation of the token variable, as already done in other phpMyAdmin requests. VIII. REFERENCES ------------------------- https://www.phpmyadmin.net/ IX. CREDITS ------------------------- This vulnerability has been discovered and reported by Manuel Garcia Cardenas (advidsec (at) gmail (dot) com). X. REVISION HISTORY ------------------------- June 13, 2019 1: Initial release September 13, 2019 2: Last revision XI. DISCLOSURE TIMELINE ------------------------- June 13, 2019 1: Vulnerability acquired by Manuel Garcia Cardenas June 13, 2019 2: Send to vendor July 16, 2019 3: New request to vendor without fix date September 13, 2019 4: Sent to lists XII. LEGAL NOTICES ------------------------- The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. XIII. ABOUT ------------------------- Manuel Garcia Cardenas Pentester


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top