phpMyAdmin is a free software tool written in PHP that is intended to handle the administration of a MySQL or MariaDB database server. You can use phpMyAdmin to perform most administration tasks, including creating a database, running queries, and adding user accounts.
CVE-2019-12922: phpMyAdmin 220.127.116.11 – Cross-Site Request Forgery
A Cross-Site Request Forgery issue has been detected in phpMyAdmin that allows an attacker to trigger a CSRF attack against a phpMyAdmin user, deleting any server in the Setup page. The attacker can easily create a fake hyperlink containing the request to be executed on behalf of the user, which makes a CSRF attack possible because of the wrong use of the HTTP method.
- phpMyAdmin <= 18.104.22.168
Exploit CSRF – Deleting main server
<p>Deleting Server 1</p>
Validate the token variable on every call, as is already done for other phpMyAdmin requests.
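
The remediation above, together with the HTTP method problem noted in the description, can be expressed as a single server-side check. This is an added example, not phpMyAdmin's code: the function name `authorizeStateChange`, the session key `csrf_token`, and the `action` and `server_id` fields are assumptions made for illustration.

```php
<?php
// Added illustration; NOT phpMyAdmin's code. All names here are hypothetical.
declare(strict_types=1);

/**
 * Decide whether a state-changing setup request (such as deleting a
 * configured server) may proceed. Returns [httpStatus, reason].
 */
function authorizeStateChange(string $method, array $post, array $session): array
{
    // 1. Destructive actions must not be reachable via GET: a hyperlink
    //    embedded in a third-party page only ever issues GET requests.
    if (strtoupper($method) !== 'POST') {
        return [405, 'state-changing action requires POST'];
    }
    // 2. The server must already have bound a token to this session.
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($expected) || $expected === '') {
        return [403, 'no token bound to session'];
    }
    // 3. Read the token from the POST body only and compare in constant time.
    $supplied = $post['token'] ?? '';
    if (!is_string($supplied) || !hash_equals($expected, $supplied)) {
        return [403, 'missing or invalid token'];
    }
    return [200, 'ok'];
}

// Constructed sample data: a session holding a fresh random token.
$session = ['csrf_token' => bin2hex(random_bytes(32))];
$delete  = ['action' => 'delete_server', 'server_id' => '1'];

$cases = [
    'GET from a crafted link' => ['GET',  []],
    'POST without token'      => ['POST', $delete],
    'POST with wrong token'   => ['POST', $delete + ['token' => 'guess']],
    'POST with session token' => ['POST', $delete + ['token' => $session['csrf_token']]],
];
foreach ($cases as $label => [$method, $post]) {
    [$status, $reason] = authorizeStateChange($method, $post, $session);
    printf("%-24s -> %d %s\n", $label, $status, $reason);
}
```

Only the last case is accepted; the first three are rejected with 405 or 403 before any deletion logic would run.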