CVE-2019-12922

Priority
Description
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the
Setup page.
Ubuntu-Description
It was discovered that phpmyadmin incorrectly handled some requests. An
attacker could possibly use this to perform a CSRF attack.
Notes
Package
Upstream:released (4:4.9.1+dfsg1-2)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):needed
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 20.04 LTS (Focal Fossa):not-affected (4:4.9.2+dfsg1-1)
Ubuntu 20.10 (Groovy Gorilla):not-affected (4:4.9.2+dfsg1-1)
Patches:
Upstream:https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
More Information

Updated: 2020-07-31 22:14:26 UTC (commit 44c3be61aff7f7dcecb4501154cd3ca8a057b5df)