FreeBSD : phpMyAdmin -- CSRF vulnerability in login form (a5681027-8e03-11e9-85f4-6805ca0b3d42)
Medium Nessus Plugin ID 125936
Synopsis
The remote FreeBSD host is missing one or more security-related updates.
Description
The phpMyAdmin development team reports:

Summary: CSRF vulnerability in login form

Description: A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) through the victim.

Severity: We consider this vulnerability to be severe.

Mitigation factor: Only the 'cookie' auth_type is affected; users can temporarily use phpMyAdmin's http authentication as a workaround.
Solution
Update the affected packages.