FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpMyAdmin -- XSRF/CSRF vulnerability

Affected packages
4.7.0 <= phpMyAdmin < 4.7.7

Details

VuXML ID: 63eb2b11-e802-11e7-a58c-6805ca0b3d42
Discovery: 2017-12-23
Entry: 2017-12-23

The phpMyAdmin team reports:

Description

By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.

Severity

We consider this vulnerability to be critical.

References

URL: https://www.phpmyadmin.net/security/PMASA-2017-9/