
phpMyAdmin 4.0.x <, 4.1.x <, 4.2.x < CSRF (PMASA-2014-10)



The remote web server contains a PHP application that is affected by a cross-site request forgery vulnerability.


Versions of phpMyAdmin earlier than,, or are unpatched for a DOM-based cross-site scripting vulnerability in the micro-history feature that could be leveraged for cross-site request forgery. By deceiving a logged-in user into clicking a crafted URL, an attacker could perform remote code execution and, in some cases, create a root account via the user's account.


Either upgrade to phpMyAdmin,, or later, or apply the patches from the referenced links.