Description

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users' browsers when they visit the malicious link.

PUBLISHED Reserved 2026-02-20 | Published 2026-02-20 | Updated 2026-02-23 | Assigner VulnCheck




MEDIUM: 5.1 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N)
MEDIUM: 6.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

1.1.5: affected

Credits

Ozer Goker (finder)

References

www.exploit-db.com/exploits/46082 (ExploitDB-46082) exploit

www.phpmoadmin.com/ (phpMoAdmin Official Website) product

www.vulncheck.com/...ted-cross-site-scripting-via-moadminphp (VulnCheck Advisory: phpMoAdmin 1.1.5 Reflected Cross-Site Scripting via moadmin.php) third-party-advisory

cve.org (CVE-2019-25453)

nvd.nist.gov (CVE-2019-25453)
