Vulnerability details: VCID-1dgw-1ueg-sudt
Vulnerability ID VCID-1dgw-1ueg-sudt
Aliases CVE-2019-12922
GHSA-4c9q-64gq-xhx4
Summary A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
Status Published
Exploitability 2.0
Weighted Severity 6.2
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
System Score Found at
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
cvssv3.1 6.5 http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
cvssv3.1 6.5 http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
generic_textual MODERATE http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
epss 0.25499 https://api.first.org/data/v1/epss?cve=CVE-2019-12922
epss 0.32184 https://api.first.org/data/v1/epss?cve=CVE-2019-12922
cvssv3.1 6.5 http://seclists.org/fulldisclosure/2019/Sep/23
generic_textual MODERATE http://seclists.org/fulldisclosure/2019/Sep/23
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-4c9q-64gq-xhx4
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
cvssv3.1 6.5 https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
generic_textual MODERATE https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
cvssv2 5.8 https://nvd.nist.gov/vuln/detail/CVE-2019-12922
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-12922
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-12922
cvssv3.1 6.5 https://www.exploit-db.com/exploits/47385
generic_textual MODERATE https://www.exploit-db.com/exploits/47385
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
https://api.first.org/data/v1/epss?cve=CVE-2019-12922
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12922
http://seclists.org/fulldisclosure/2019/Sep/23
https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
https://nvd.nist.gov/vuln/detail/CVE-2019-12922
https://www.exploit-db.com/exploits/47385
cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
CVE-2019-12922 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/47385.txt
GHSA-4c9q-64gq-xhx4 https://github.com/advisories/GHSA-4c9q-64gq-xhx4
USN-USN-4843-1 https://usn.ubuntu.com/USN-4843-1/
Data source Exploit-DB
Date added Sept. 13, 2019
Description phpMyAdmin 4.9.0.1 - Cross-Site Request Forgery
Ransomware campaign use Unknown
Source publication date Sept. 13, 2019
Exploit type webapps
Platform php
Source update date Sept. 13, 2019
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00078.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00024.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://packetstormsecurity.com/files/154483/phpMyAdmin-4.9.0.1-Cross-Site-Request-Forgery.html
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at http://seclists.org/fulldisclosure/2019/Sep/23
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/427fbed55d3154d96ecfc1c7784d49eaa3c04161
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://github.com/phpmyadmin/phpmyadmin/commit/7d21d4223bdbe0306593309132b4263d7087d13b
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBLBE6CSC2ZLINIRBUU5XBLXYVBTF3KA
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QJ5BW2VEMD2P23ZYRWHDBEQHOKGKGWD6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YCB3PTGHZ7AJCM6BKCQRRP6HG3OKYCMN
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12922
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-12922
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N Found at https://www.exploit-db.com/exploits/47385
Exploit Prediction Scoring System (EPSS)
Percentile 0.9599
EPSS Score 0.25499
Published At Aug. 12, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:41:02.950864+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/community.json 37.0.0