CVE-2019-10784
 
Public Exploits: 1
Exploited in Wild: -
Descriptions
phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php", does not verify the source of an HTTP request. A remote attacker can leverage this to trick a logged-in administrator into visiting a malicious page with a CSRF exploit and execute arbitrary system commands on the server.
Timeline
- 2019-04-03 CVE Reserved
- 2020-02-04 CVE Published
- 2024-03-15 EPSS Updated
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
References (1)
URL | Date | SRC |
---|---|---|
https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 | 2024-08-04 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Phppgadmin Project | Phppgadmin | <= 7.12.1 | - | Affected |