phpMyAdmin is a PHP application designed to handle administration of MySQL or MariaDB through a web interface. A Cross Site Request Forgery (CSRF) vulnerability has been found in phpMyAdmin version prior to 4.7.7. A remote attacker could entice a targeted web administrator to open a specially crafted URL to exploit the vulnerability.
A successful attack could lead to unauthorised database operations on an affected system.
The product vendor has released version 4.7.7 to address the issue at the vendor's website:
https://files.phpmyadmin.net/phpMyAdmin/4.7.7/phpMyAdmin-4.7.7-all-languages.zip
System administrators may contact their product support vendors for the fix and assistance.
https://www.phpmyadmin.net/security/PMASA-2017-9/
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)