phpMoAdmin Cross-Site Request Forgery Vulnerability

Vulnerability

A cross-site request forgery (CSRF) vulnerability has been identified in phpMoAdmin version 1.1.5. This vulnerability allows attackers to perform unauthorized database operations through crafted GET requests to moadmin.php. Exploitation relies on tricking an authenticated user into submitting such a request, whose parameters then manipulate databases and collections without the user's consent.

Impact

Exploitation of this vulnerability could lead to unauthorized database modifications, such as creating, dropping, or repairing databases and collections.

Reproduction

To reproduce this vulnerability, an attacker can create a form that sends a GET request to 'moadmin.php' with the desired database action and parameters. This form can then be presented to an authenticated user, who, upon submission, will unknowingly perform the requested database operation.
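A defender can look for this pattern in web server access logs. The following is an added example, not code from the advisory or from phpMoAdmin: it flags GET requests to moadmin.php whose query values contain a create, drop or repair verb and whose Referer is missing or points at another host. It assumes the combined log format; the `op` and `db` parameter names, host names and log lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: the server writes Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)
# Verbs taken from the advisory's impact statement. Matching them in query
# values is a heuristic, not phpMoAdmin's documented parameter list.
STATE_CHANGING = re.compile(r'create|drop|repair', re.IGNORECASE)

def suspicious_requests(lines, site_host):
    """Return (ip, target, referer) for state-changing GETs to moadmin.php
    whose Referer is missing or names a host other than site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if not url.path.endswith("/moadmin.php"):
            continue
        values = " ".join(v for _, v in parse_qsl(url.query))
        if not STATE_CHANGING.search(values):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host != site_host.lower():
            hits.append((m["ip"], m["target"], m["referer"]))
    return hits

# Constructed sample lines (not real traffic); parameter names are placeholders.
SITE = "admin.example.test"
SAMPLE = [
    '192.0.2.10 - alice [20/Feb/2026:10:00:00 +0000] "GET /moadmin.php?op=drop-example&db=test HTTP/1.1" 200 512 "https://admin.example.test/moadmin.php" "Mozilla/5.0"',
    '198.51.100.7 - alice [20/Feb/2026:10:01:00 +0000] "GET /moadmin.php?op=drop-example&db=test HTTP/1.1" 200 512 "https://other.example.net/page.html" "Mozilla/5.0"',
    '198.51.100.7 - alice [20/Feb/2026:10:02:00 +0000] "GET /moadmin.php?op=list&db=test HTTP/1.1" 200 512 "https://other.example.net/page.html" "Mozilla/5.0"',
    '203.0.113.9 - bob [20/Feb/2026:10:03:00 +0000] "GET /moadmin.php?op=repair-example&db=test HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE, SITE):
        print(hit)
```

Browsers and privacy policies can strip the Referer header, so hits with an empty Referer need manual review rather than automatic escalation.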

Added: Feb 20, 2026, 11:28 PM
Updated: Feb 20, 2026, 11:28 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 7.5
remediation: 0.0
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.