Security update for phpPgAdmin SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2022:10065-1 Final 1 1 2022-07-25T21:21:23Z current 2022-07-25T21:21:23Z 2022-07-25T21:21:23Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for phpPgAdmin This update for phpPgAdmin fixes the following issues: - CVE-2019-10784: Fixed improper source validation that could lead to CSRF (boo#1162794) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2022-10065 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YEBNCIRQOKETS4R7J5GXRP3TKF2YKFJ/ E-Mail link for openSUSE-SU-2022:10065-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1162794 SUSE Bug 1162794 https://www.suse.com/security/cve/CVE-2019-10784/ SUSE CVE CVE-2019-10784 page SUSE Package Hub 15 SP3 SUSE Package Hub 15 SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 phpPgAdmin-7.13.0-bp154.2.3.1 phpPgAdmin-apache-7.13.0-bp154.2.3.1 phpPgAdmin-7.13.0-bp154.2.3.1 as a component of SUSE Package Hub 15 SP3 phpPgAdmin-apache-7.13.0-bp154.2.3.1 as a component of SUSE Package Hub 15 SP3 phpPgAdmin-7.13.0-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 phpPgAdmin-apache-7.13.0-bp154.2.3.1 as a component of SUSE Package Hub 15 SP4 phpPgAdmin-7.13.0-bp154.2.3.1 as a component of openSUSE Leap 15.3 phpPgAdmin-apache-7.13.0-bp154.2.3.1 as a component of openSUSE Leap 15.3 phpPgAdmin-7.13.0-bp154.2.3.1 as a component of openSUSE Leap 15.4 phpPgAdmin-apache-7.13.0-bp154.2.3.1 as a component of openSUSE Leap 15.4 phppgadmin through 7.12.1 allows sensitive actions to be performed without validating that the request originated from the application. One such area, "database.php" does not verify the source of an HTTP request. This can be leveraged by a remote attacker to trick a logged-in administrator to visit a malicious page with a CSRF exploit and execute arbitrary system commands on the server. CVE-2019-10784 SUSE Package Hub 15 SP3:phpPgAdmin-7.13.0-bp154.2.3.1 SUSE Package Hub 15 SP3:phpPgAdmin-apache-7.13.0-bp154.2.3.1 SUSE Package Hub 15 SP4:phpPgAdmin-7.13.0-bp154.2.3.1 SUSE Package Hub 15 SP4:phpPgAdmin-apache-7.13.0-bp154.2.3.1 openSUSE Leap 15.3:phpPgAdmin-7.13.0-bp154.2.3.1 openSUSE Leap 15.3:phpPgAdmin-apache-7.13.0-bp154.2.3.1 openSUSE Leap 15.4:phpPgAdmin-7.13.0-bp154.2.3.1 openSUSE Leap 15.4:phpPgAdmin-apache-7.13.0-bp154.2.3.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4YEBNCIRQOKETS4R7J5GXRP3TKF2YKFJ/ https://www.suse.com/security/cve/CVE-2019-10784.html CVE-2019-10784 https://bugzilla.suse.com/1162794 SUSE Bug 1162794