
Description

phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.

PUBLISHED | Reserved 2026-02-20 | Published 2026-02-20 | Updated 2026-04-07 | Assigner VulnCheck




MEDIUM: 5.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L)
HIGH: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

Problem types

Server-Side Request Forgery (SSRF)

Product status

1.1.5: affected

Credits

Ozer Goker (finder)

References

www.exploit-db.com/exploits/46082 (ExploitDB-46082) exploit

www.phpmoadmin.com/ (phpMoAdmin Official Website) product

www.vulncheck.com/...oss-site-request-forgery-via-moadminphp (VulnCheck Advisory: phpMoAdmin 1.1.5 Cross-Site Request Forgery via moadmin.php) third-party-advisory

cve.org (CVE-2019-25451)

nvd.nist.gov (CVE-2019-25451)
