ALERT: phpMyAdmin configured servers vanish with a click!

phpMyAdmin is a free tool used by millions around the world to manage MySQL and MariaDB databases over the web. Joomla and WordPress are among the popular products that use phpMyAdmin. Manuel Garcia Cardenas, a security researcher, discovered a CSRF vulnerability that allows tampering with the configured servers in phpMyAdmin's setup page.

An attacker can delete a configured server in the setup page of a phpMyAdmin panel by tricking a user who is already logged in to phpMyAdmin into simply clicking a crafted URL. The attacker only needs to know the URL of the targeted server. However, this vulnerability has been rated medium, as a successful attack does not allow the attacker to delete a database or a table stored on the server; it only deletes the server entry in the setup page of the phpMyAdmin panel.

This vulnerability was reported to the vendor in June 2019, but was not fixed within the 90-day period. The researcher has published the vulnerability tracked as CVE-2019-12922 with the POC.

<p>Deleting Server 1</p>
<img src="http://server/phpmyadmin/setup/index.php?page=servers&mode=remove&id=1" style="display:none;" />

The researcher has also mentioned validating tokens on every call as a possible solution to the vulnerability. The vendor has issued no fix for this vulnerability. We will send out updates as and when a fix is released for this vulnerability. But in the meantime, we strongly suggest being extremely cautious before clicking on any suspicious links which might trigger the vulnerability.
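To make the suggested mitigation concrete, here is an added Python model of the setup page's server-removal action (not phpMyAdmin's own code): first the unfixed behaviour the post describes, where a plain GET such as the one an <img> tag issues removes the server, then the same action with a per-session token validated on every state-changing call. The session layout, the form field name and the status codes are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs


def new_session():
    """Constructed session: a per-session CSRF token and the configured servers."""
    return {"csrf_token": secrets.token_hex(32),
            "servers": {1: "db-primary", 2: "db-replica"}}


def _parse(query):
    """Flatten ?page=servers&mode=remove&id=1 into a dict and validate the id."""
    params = {k: v[0] for k, v in parse_qs(query).items()}
    server_id = params.get("id", "")
    if params.get("page") != "servers" or params.get("mode") != "remove" \
            or not server_id.isdigit():
        return None
    return int(server_id)


def vulnerable_remove(session, method, query):
    """Unfixed behaviour: any request that carries the right query string removes
    the server, so a hidden <img> on a third-party page is enough."""
    server_id = _parse(query)
    if server_id is None:
        return 400
    session["servers"].pop(server_id, None)
    return 200


def hardened_remove(session, method, query, form):
    """Mitigated behaviour: state changes only on POST, and only when the request
    carries the token bound to this session (compared in constant time)."""
    server_id = _parse(query)
    if server_id is None:
        return 400
    if method != "POST":
        return 405  # an <img> or a clicked link can only issue a GET
    if not hmac.compare_digest(form.get("token", ""), session["csrf_token"]):
        return 403  # missing or foreign token: the request did not originate from our UI
    session["servers"].pop(server_id, None)
    return 200
```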


Affected Products

The CSRF vulnerability affects phpMyAdmin versions 4.9.0.1 and earlier. phpMyAdmin 5.0.0-alpha1 has also been reported as vulnerable.


Impact

An attacker can trick a user into clicking a crafted link and launch CSRF attacks in the context of the logged-in user.


Solution

While there is no workaround or remediation available currently, we will continue to monitor this vulnerability and update as and when a fix is available. In the meantime, our general recommendation is to refrain from clicking on any suspicious links.

