CVE-2019-25451

HIGH

phpMoAdmin 1.1.5 - CSRF

Title source: llm

Description

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappsphp

https://www.exploit-db.com/exploits/46082

View Code ZIP pw:eip

References (3)

[Various Sources] http://www.phpmoadmin.com/

[Third Party Advisory] https://www.vulncheck.com/advisories/phpmoadmin-cross-site-request-forgery-via-moadminphp

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46082

Scores

CVSS v3 8.8

EPSS 0.0004

EPSS Percentile 12.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Classification

CWE

CWE-918

Status published

Affected Products (1)

phpmoadmin/phpmoadmin

Timeline

Published Feb 20, 2026

Tracked Since Feb 21, 2026