CVE-2019-25454

MEDIUM

phpMoAdmin 1.1.5 - XSS

Title source: llm

Description

phpMoAdmin 1.1.5 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the collection parameter. Attackers can send GET requests to moadmin.php with script payloads in the collection parameter during collection creation to execute arbitrary JavaScript in users' browsers.

Exploits (1)

exploitdb WORKING POC

by Ozer Goker · textwebappsphp

https://www.exploit-db.com/exploits/46082

View Code ZIP pw:eip

References (3)

[Various Sources] http://www.phpmoadmin.com/

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/46082

[Third Party Advisory] https://www.vulncheck.com/advisories/phpmoadmin-stored-cross-site-scripting-via-collection-parameter

Scores

CVSS v3 6.1

EPSS 0.0007

EPSS Percentile 20.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (1)

phpmoadmin/phpmoadmin

Timeline

Published Feb 20, 2026

Tracked Since Feb 21, 2026