CVE-2019-25451
Published: 20 February 2026
Summary
CVE-2019-25451 is a medium-severity SSRF (CWE-918) vulnerability in Phpmoadmin Phpmoadmin. Its CVSS base score is 5.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 23.5th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2019-25451 is a cross-site request forgery (CSRF) vulnerability in phpMoAdmin version 1.1.5. The flaw affects the moadmin.php component, where attackers can craft malicious GET requests using parameters such as action, db, and collection. This enables unauthorized database operations, including creating, dropping, or repairing databases and collections, without the authenticated user's consent.
Unauthenticated attackers can exploit this vulnerability over the network with low complexity by tricking authenticated users into submitting the malicious GET requests, such as through a phishing link or malicious webpage. Successful exploitation grants high-impact access to confidentiality, integrity, and availability, allowing full unauthorized control over targeted MongoDB operations via the victim's session.
Advisories, including one from VulnCheck, detail the CSRF issue in moadmin.php, while Exploit-DB hosts a proof-of-concept exploit (ID 46082). The phpMoAdmin homepage at phpmoadmin.com provides additional context on the software.
An exploit is publicly available, indicating potential for real-world abuse against exposed phpMoAdmin instances.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2019-19589
Vulnerability details
phpMoAdmin 1.1.5 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized database operations by crafting malicious requests. Attackers can trick authenticated users into submitting GET requests to moadmin.php with parameters like action, db, and collection to create, drop, or repair databases and collections without user consent.
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
CSRF in public-facing MongoDB admin web app directly enables exploitation of the application (T1190) to perform unauthorized stored data manipulation and destruction via the victim's authenticated session.
Mitigating Controls (NIST 800-53 r5)
SI-2 requires timely identification, reporting, and correction of flaws like the CSRF vulnerability in phpMoAdmin 1.1.5, directly eliminating the issue through patching.
SC-23 mandates mechanisms such as anti-CSRF tokens to protect session authenticity, preventing attackers from forging requests that exploit valid user sessions.
SI-10 enforces validation of inputs like action, db, and collection parameters at entry points, blocking unauthorized CSRF-induced database operations.
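The SC-23 and SI-10 controls above describe the two server-side checks that close a CSRF hole of this shape: a request-forgery token bound to the user's session, and validation of the action, db, and collection parameters before any database operation runs. The following is an added illustration in Python, not phpMoAdmin's code (which is PHP) and not an exact model of its handlers; the action names `create`, `drop` and `repair`, the `Request` shape, the `csrf_token` parameter name and the name pattern are assumptions chosen for the example. It uses the HMAC-based token pattern (token derived from the session identifier under a server-side key) so no per-token server storage is needed, rejects state-changing actions sent as GET, and checks the token in constant time.

```python
import hashlib
import hmac
import re
from dataclasses import dataclass, field
import secrets

# Constructed for the example: a real deployment loads this from configuration,
# never from source, and rotates it with the rest of its secrets.
SERVER_SECRET = secrets.token_bytes(32)

# Hypothetical action names; the real application's values may differ.
STATE_CHANGING_ACTIONS = {"create", "drop", "repair"}

# Allowlist pattern for database and collection names (assumption for the example):
# letters, digits, underscore and hyphen, bounded length.
NAME_RE = re.compile(r"^[A-Za-z0-9_\-]{1,64}$")


@dataclass
class Request:
    """Minimal model of an incoming HTTP request to the admin endpoint."""
    method: str
    params: dict = field(default_factory=dict)
    session_id: str = ""


def csrf_token_for(session_id: str) -> str:
    """Derive the per-session anti-CSRF token: HMAC-SHA256(server_key, session_id).

    The application embeds this value in its own forms; a cross-origin page
    cannot read the victim's session id or the key, so it cannot forge it.
    """
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def validate_admin_request(req: Request) -> tuple:
    """Return (allowed, reason) for a request that would change database state.

    Order of checks: known action -> method is POST -> valid CSRF token ->
    db/collection names match the allowlist pattern (SI-10).
    """
    action = req.params.get("action")
    if action not in STATE_CHANGING_ACTIONS:
        return False, "unknown or non-state-changing action"

    # A forged request delivered via link or image tag arrives as GET; state
    # changes are only accepted on POST so such a request is refused outright.
    if req.method != "POST":
        return False, "state-changing action must be sent as POST"

    supplied = req.params.get("csrf_token", "")
    expected = csrf_token_for(req.session_id)
    # compare_digest on bytes avoids timing leaks and tolerates non-ASCII input.
    if not hmac.compare_digest(supplied.encode(), expected.encode()):
        return False, "missing or invalid CSRF token"

    for key in ("db", "collection"):
        value = req.params.get(key)
        if value is not None and not NAME_RE.fullmatch(value):
            return False, f"invalid {key} name"

    return True, "ok"


if __name__ == "__main__":
    sid = "session-abc"  # constructed session identifier
    forged = Request("GET", {"action": "drop", "db": "prod"}, sid)
    print(validate_admin_request(forged))
    legit = Request("POST", {"action": "drop", "db": "prod", "csrf_token": csrf_token_for(sid)}, sid)
    print(validate_admin_request(legit))
```

The forged GET is rejected before the token is even inspected; a POST carrying a token derived from a different session fails the HMAC comparison; and a request with a valid token but a malformed `db` value is still refused by the name check, so the two controls cover each other.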