CVE-2019-25451

EUVD-2019-19589
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.
SSRF
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
phpmoadminphpmoadmin
1.1.5
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.phpmoadmin.com/
https://www.exploit-db.com/exploits/46082
https://www.vulncheck.com/advisories/phpmoadmin-cross-site-request-forgery-via-moadminphp