Source: phppgadmin Version: 7.12.1+dfsg-1 Severity: important Tags: security upstream Forwarded: https://github.com/phppgadmin/phppgadmin/issues/94
Hi, The following vulnerability was published for phppgadmin. For tracking this issue Emilio did report it to [1]. So far there is no upstream solution. CVE-2019-10784[0]: | phppgadmin through 7.12.1 allows sensitive actions to be performed | without validating that the request originated from the application. | One such area, "database.php" does not verify the source of an HTTP | request. This can be leveraged by a remote attacker to trick a logged- | in administrator to visit a malicious page with a CSRF exploit and | execute arbitrary system commands on the server. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10784 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10784 [1] https://github.com/phppgadmin/phppgadmin/issues/94 [2] https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885 Regards, Salvatore
