[phpMyAdmin] Critical XSRF/CSRF Vulnerability - PMASA-2017-9

Kailash · January 09, 2018, 05:03:14 PM

Summary

XSRF/CSRF vulnerability in phpMyAdmin

Description

By deceiving a user to click on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables etc.

Severity

We consider this vulnerability to be critical.

Affected Versions

Versions 4.7.x (prior to 4.7.7) are affected.

Unaffected Versions

Versions older than 4.7.0 are not affected.

Solution

Upgrade to phpMyAdmin 4.7.7 or newer.

For more information, kindly refer their official notification from the following URL:

https://www.phpmyadmin.net/security/PMASA-2017-9/

News:

[phpMyAdmin] Critical XSRF/CSRF Vulnerability - PMASA-2017-9

Kailash