Platform: php
Component: phpmoadmin
Fixed in: 1.1.6
CVE-2019-25451 describes a cross-site request forgery (CSRF) vulnerability present in phpMoAdmin version 1.1.5. This flaw allows attackers to execute unauthorized database operations, potentially leading to data manipulation or deletion. The vulnerability stems from insufficient input validation, enabling malicious requests to be crafted and submitted through authenticated user sessions. A fix is available, and immediate action is recommended.
The primary impact of CVE-2019-25451 is the potential for unauthorized database modifications. An attacker could leverage this CSRF vulnerability to create, drop, or repair databases and collections within the phpMoAdmin interface without the user's knowledge or consent. This could result in data loss, corruption, or even complete database compromise. Successful exploitation requires an authenticated user to interact with a malicious webpage or link. The blast radius is limited to the databases managed by the phpMoAdmin instance, but the consequences can be severe, particularly for sensitive data stored within those databases. While no direct precedent is immediately obvious, CSRF vulnerabilities often lead to similar database manipulation attacks.
CVE-2019-25451 was published on 2026-02-20. The vulnerability's severity is rated HIGH with a CVSS score of 8.8. There is no indication of this vulnerability being actively exploited or listed on CISA KEV. Public proof-of-concept exploits are not widely available, but the nature of CSRF vulnerabilities makes them relatively easy to develop.
Exploit Status
EPSS: 0.04% (13th percentile)
The primary mitigation for CVE-2019-25451 is to upgrade to a patched version of phpMoAdmin. Unfortunately, no specific fixed version is provided in the CVE data. As an interim measure, implement strict Web Application Firewall (WAF) rules to filter out potentially malicious requests targeting the moadmin.php script with parameters like action, db, and collection. Carefully review and restrict access to the phpMoAdmin interface, limiting it to authorized personnel only. Consider implementing CSRF tokens or other input validation techniques to further harden the application. After applying mitigations, verify the protection by attempting to submit a crafted CSRF request and confirming that it is blocked.
Update phpMoAdmin to a patched version. Check if the developer has released a new version that addresses this CSRF vulnerability. Implement additional security measures, such as input validation and output encoding, to mitigate the risk of CSRF attacks.
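One way to check the interim filtering described above, added here as an example and not taken from phpMoAdmin or the CVE record: it scans access log lines for `moadmin.php` requests carrying `action` that arrived with a foreign or missing Referer, and reports whether each was served or blocked. The host name, the 403 block status, the Combined Log Format and the use of `action` as the marker of a state-changing request are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

SITE_HOST = "admin.example.internal"      # assumption: host that serves phpMoAdmin
WATCHED = {"action", "db", "collection"}  # parameter names the advisory lists
BLOCK_STATUSES = {"403"}                  # assumption: status the WAF rule returns

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$')

# Constructed sample lines (not real traffic); hosts, users and values are placeholders.
T = '[20/Feb/2026:10:00:00 +0000]'
SAMPLE_LOG = [
    f'192.0.2.10 - alice {T} "GET /moadmin.php?db=testdb&action=example-op HTTP/1.1" 200 512 "https://admin.example.internal/moadmin.php" "Mozilla/5.0"',
    f'192.0.2.10 - alice {T} "GET /moadmin.php?db=testdb&collection=c1&action=example-op HTTP/1.1" 200 498 "https://unrelated.example/page.html" "Mozilla/5.0"',
    f'198.51.100.7 - bob {T} "GET /moadmin.php?db=testdb&action=example-op HTTP/1.1" 403 199 "https://unrelated.example/page.html" "Mozilla/5.0"',
    f'203.0.113.5 - carol {T} "GET /moadmin.php?action=example-op HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
    f'203.0.113.5 - carol {T} "GET /moadmin.php?db=testdb HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def classify_referer(referer, site_host=SITE_HOST):
    """Return 'same-origin', 'cross-origin' or 'missing' for a logged Referer."""
    if referer in ("", "-"):
        return "missing"
    try:
        host = urlsplit(referer).hostname
    except ValueError:  # malformed URL: treat as foreign rather than trusted
        host = None
    return "same-origin" if host == site_host else "cross-origin"

def triage(lines, site_host=SITE_HOST):
    """List (ip, referer class, watched params, outcome) for moadmin.php requests
    that carry `action` but were not navigated to from the site itself."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path, _, query = m["target"].partition("?")
        params = sorted(set(parse_qs(query, keep_blank_values=True)) & WATCHED)
        if not path.endswith("/moadmin.php") or "action" not in params:
            continue
        origin = classify_referer(m["referer"], site_host)
        if origin != "same-origin":
            outcome = "blocked" if m["status"] in BLOCK_STATUSES else "served"
            findings.append((m["ip"], origin, params, outcome))
    return findings
```

Only query-string parameters appear in access logs, so requests that carry these parameters in a POST body need the WAF's own audit log instead.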
CVE-2019-25451 is a cross-site request forgery vulnerability in phpMoAdmin version 1.1.5, allowing attackers to perform unauthorized database operations.
If you are using phpMoAdmin version 1.1.5, you are potentially affected by this vulnerability. Upgrade is the recommended solution.
Upgrade to a patched version of phpMoAdmin. If upgrading is not immediately possible, implement WAF rules to filter malicious requests.
There is no current evidence of active exploitation, but the vulnerability's nature makes it easily exploitable.
Refer to the phpMoAdmin project website or relevant security mailing lists for official advisories.