CVE-2019-25451

Sažetak

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.

Reference

http://www.phpmoadmin.com/
https://www.exploit-db.com/exploits/46082
https://www.vulncheck.com/advisories/phpmoadmin-cross-site-request-forgery-via-moadminphp

CVSS

Base:	8.8
Impact:	5.9
Exploitability:	2.8

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

02-03-2026 - 15:16

Objavljeno

20-02-2026 - 23:16