phpMyAdmin Cross Site Request Forgery Vulnerability

phpMyAdmin is prone to a cross-site request-forgery vulnerability because it does not properly validate HTTP requests.

Exploiting this issue may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.
phpMyAdmin 4.7.x versions prior to 4.7.7 are vulnerable.

Information

Bugtraq ID: 102271
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Dec 20 2017 12:00AM
Updated: Dec 20 2017 12:00AM
Credit: Ashutosh Barot
Vulnerable: phpMyAdmin phpMyAdmin 4.7

Not Vulnerable: phpMyAdmin phpMyAdmin 4.7.7

Exploit

To exploit this issue an attacker must entice an unsuspecting victim to open a malicious URI.

References:

phpMyAdmin Homepage (phpMyAdmin)
PMASA-2017-9 (phpMyAdmin)

Source: www.securityfocus.com

Exploit Collector

Search Exploit