CVE-2019-12922

Description

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.

How to fix CVE-2019-12922

To remediate CVE-2019-12922, upgrade the affected package to a fixed version below.

• Debian/phpmyadmin—upgrade to 4:4.9.1+dfsg1-2 or later
• Packagist/phpmyadmin/phpmyadmin—upgrade to 4.9.1 or later

Is CVE-2019-12922 being exploited?

Moderate — EPSS is 32.0%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (2)

• from 0, < 4:4.9.1+dfsg1-2
• from 0, < 4.9.1

CVSS scores

References (12)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2019-12922
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2019-12922
• WEBlists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
• WEBlists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html