Exploitation Summary
EIP tracks 2 public exploits for CVE-2019-12616. PoCs published by Riemann, Cappricio-Securities.
AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in phpMyAdmin 4.8, where a GET request is used for form submission, allowing an attacker to trick a user into executing arbitrary SQL queries via a crafted link.
Description
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
Exploits (2)
This exploit demonstrates a CSRF vulnerability in phpMyAdmin 4.8, where a GET request is used for form submission, allowing an attacker to trick a user into executing arbitrary SQL queries via a crafted link.
This repository contains a Python-based scanner for detecting CVE-2019-12616, a vulnerability in phpMyAdmin versions prior to 4.9.0. The tool checks for the presence of vulnerable endpoints and versions but does not include exploit code for active exploitation.
References (9)
Scores
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N