Homepage
About Snyk

Cross-site Request Forgery (CSRF) Affecting phppgadmin/phppgadmin package, versions >=0.0.0

0.0
medium

Snyk CVSS

    Attack Complexity Low
    User Interaction Required
    Confidentiality High

    Threat Intelligence

    Exploit Maturity Proof of concept
    EPSS 0.3% (70th percentile)
Expand this section
NVD
9.6 critical

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk ID SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
  • published 1 Feb 2020
  • disclosed 1 Feb 2020
  • credit Sam Sanoop of Snyk Security Team
Report a new vulnerability Found a mistake?

Introduced: 1 Feb 2020

CVE-2019-10784 Open this link in a new tab
CWE-352 Open this link in a new tab
First added by Snyk

How to fix?

There is no fixed version for phppgadmin/phppgadmin.

Overview

phppgadmin/phppgadmin is a web-based administration tool for PostgreSQL. It is perfect for PostgreSQL DBAs, newbies, and hosting services.

Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). Multiple areas within the application allows sensitive actions to be performed without validating that the request originated from the application. One such area, database.php ​ does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server.

References