CVE-2019-12616

Priority
Description
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was
found that allows an attacker to trigger a CSRF attack against a phpMyAdmin
user. The attacker can trick the user, for instance through a broken <img>
tag pointing at the victim's phpMyAdmin database, and the attacker can
potentially deliver a payload (such as a specific INSERT or DELETE
statement) to the victim.
Ubuntu-Description
It was discovered that phpmyadmin incorrectly handled some requests. An
attacker could possibly use this to perform a CSRF attack.
Notes
Package
Upstream: released (4.9.0, 4:4.9.1+dfsg1-2)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): needed
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): not-affected (4:4.9.2+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla): not-affected (4:4.9.2+dfsg1-1)
More Information

Updated: 2020-07-31 22:14:24 UTC (commit 44c3be61aff7f7dcecb4501154cd3ca8a057b5df)