CVE-2019-25451

8.8 HIGH

📋 TL;DR

phpMoAdmin 1.1.5 contains a CSRF vulnerability: an attacker who lures an authenticated administrator onto a malicious page can make the administrator's browser issue requests that perform unauthorized database operations, such as creating, dropping, or repairing databases and collections. Any system running the vulnerable phpMoAdmin web interface is affected if its administrators might visit attacker-controlled sites while authenticated.

💻 Affected Systems

Products:
  • phpMoAdmin
Versions: 1.1.5 (earlier versions are likely also affected)
Operating Systems: All platforms running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: Requires phpMoAdmin to be installed and accessible, with an authenticated administrator session.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database destruction or unauthorized database creation leading to data loss, service disruption, or data exfiltration through malicious database operations.

🟠 Likely Case

Unauthorized database modifications or deletions by attackers tricking administrators into clicking malicious links, potentially causing data corruption or loss.

🟢 If Mitigated

Minimal impact with proper CSRF protections, network segmentation, and administrator awareness training in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated users into visiting malicious pages. Public exploit code exists in Exploit-DB.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch exists. Remove phpMoAdmin or replace it with a maintained alternative. If you must keep it, implement CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all platforms)

Add CSRF token validation to all state-changing operations in moadmin.php.

Manual code modification required: add token generation and validation to the PHP scripts.

Restrict Access (applies to: all platforms)

Limit phpMoAdmin access to specific IP addresses or internal networks only.

Use web server configuration (e.g., Apache .htaccess, Nginx allow/deny) to restrict access.

🧯 If You Can't Patch

  • Implement network segmentation to isolate phpMoAdmin from user networks
  • Require administrators to use separate browser sessions or private browsing for phpMoAdmin access

🔍 How to Verify

Check if Vulnerable:

Check if phpMoAdmin version is 1.1.5 or earlier by examining the source code or installation files.

Check Version:

grep -r 'version\|VERSION' /path/to/phpmoadmin/ | head -5

Verify Fix Applied:

Test that CSRF tokens are required for all database operations and that unauthorized requests are rejected.

📡 Detection & Monitoring

Log Indicators:

  • Multiple database create/drop/repair operations from the same IP address within a short time window
  • GET requests to moadmin.php carrying action, db, and collection parameters whose Referer header is missing or points to a foreign origin

Network Indicators:

  • HTTP GET requests to moadmin.php with database operation parameters from unexpected sources

SIEM Query:

source="web_access.log" AND uri="/moadmin.php" AND (action="create" OR action="drop" OR action="repair")
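The two log indicators above can be checked offline with the following Python script, added here as an example and not taken from the page or from the phpMoAdmin project. It parses Apache/Nginx combined-format access lines and flags state-changing moadmin.php requests whose Referer is absent or from another origin, plus bursts of such operations from one IP. The action values create/drop/repair follow the SIEM query above, the admin hostname admin.example.com is an assumption, and the log lines are constructed sample data.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs
# Apache/Nginx "combined" format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
                    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"$')
# Action values taken from the SIEM query on this page; confirm them against your moadmin.php.
STATE_CHANGING = re.compile(r'^(create|drop|repair)', re.IGNORECASE)
# Constructed sample traffic, not real log data: 203.0.113.7 runs three admin operations in
# 26 seconds with a foreign or absent Referer, while 198.51.100.4 is a legitimate administrator.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /moadmin.php?action=drop&db=prod HTTP/1.1" 200 512 "http://evil.example/lure.html" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /moadmin.php?action=create&db=scratch HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - admin [10/Oct/2023:13:55:50 +0000] "GET /moadmin.php?db=prod HTTP/1.1" 200 2048 "http://admin.example.com/moadmin.php" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:56:02 +0000] "GET /moadmin.php?action=repair&db=prod HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - admin [10/Oct/2023:13:57:10 +0000] "GET /moadmin.php?action=create&db=prod&collection=logs HTTP/1.1" 200 512 "http://admin.example.com/moadmin.php?db=prod" "Mozilla/5.0"
"""

def parse_line(line):
    """Split one combined-format line into fields; return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    url = urlsplit(rec["target"])
    rec["path"], rec["query"] = url.path, parse_qs(url.query)
    return rec

def analyze(log_text, admin_host, window=timedelta(seconds=60), burst=3):
    """Return (ip, kind, detail) findings for state-changing moadmin.php requests."""
    findings, by_ip = [], defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/moadmin.php"):
            continue
        action = rec["query"].get("action", [""])[0]
        if not STATE_CHANGING.match(action):
            continue  # read-only browsing is not a CSRF target
        detail = f'{rec["method"]} {rec["target"]}'
        if rec["referer"] in ("", "-"):  # weak signal: privacy settings also strip Referer
            findings.append((rec["ip"], "missing-referer", detail))
        elif urlsplit(rec["referer"]).hostname != admin_host:  # strong signal: cross-origin driver
            findings.append((rec["ip"], "foreign-referer", detail))
        by_ip[rec["ip"]].append(rec["time"])
        recent = [t for t in by_ip[rec["ip"]] if rec["time"] - t <= window]
        if len(recent) >= burst:
            findings.append((rec["ip"], "burst", f"{len(recent)} operations within {window.seconds}s"))
    return findings
```

Run `analyze(open("/var/log/apache2/access.log").read(), "your.admin.host")` against a real log; a missing Referer alone is only a lead, while a foreign Referer or a burst deserves immediate review.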
