phpmyadmin/phpmyadmin is a web interface for MySQL and MariaDB.
Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF). The attacker can trick the user, for instance through a broken
<img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific
DELETE statement) to the victim. Only the 'cookie'
auth_type is affected; users can temporary use phpMyAdmin's http authentication as a workaround.
phpmyadmin/phpmyadmin to version 4.9.0 or higher.