Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
phpMoAdmin: Attackers Can Trick Users to Make Unauthorized Database Changes
CVE-2019-25451
Summary
A security issue in phpMoAdmin allows attackers to trick authenticated users into making changes to databases and collections without permission. This can lead to data loss or unauthorized access. To protect your systems, update to a fixed version of phpMoAdmin or take steps to prevent cross-site request forgery attacks.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| phpmoadmin | phpmoadmin | 1.1.5 | – |
Original title
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authentica...
Original description
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.
nvd CVSS3.1
8.8
nvd CVSS4.0
5.3
Vulnerability type
CWE-918
Server-Side Request Forgery (SSRF)
- http://www.phpmoadmin.com/ Product
- https://www.exploit-db.com/exploits/46082 Exploit VDB Entry
- https://www.vulncheck.com/advisories/phpmoadmin-cross-site-request-forgery-via-m... Broken Link
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026