phpMyAdmin <= 4.9.1 Cross-Site Request Forgery Vulnerability
Medium Nessus Plugin ID 129696
Synopsis
The remote web server hosts a PHP application that is affected by a cross-site request forgery vulnerability.
Description
A cross-site request forgery (XSRF) vulnerability exists in the Setup page of phpMyAdmin. A remote attacker can exploit this by tricking a user into visiting a specially crafted web page that contains a fake hyperlink carrying the malicious request. When the victim's web browser executes that request, the attacker can delete any server in the setup page.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to phpMyAdmin version 4.9.1 or later.