CVE-2019-25453 in phpMoAdmin

Summary

by MITRE • 02/21/2026

phpMoAdmin 1.1.5 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the newdb parameter. Attackers can craft URLs with JavaScript payloads in the newdb parameter of moadmin.php to execute arbitrary code in users' browsers when they visit the malicious link.


Analysis

by VulDB Data Team • 02/21/2026

The vulnerability identified as CVE-2019-25453 affects phpMoAdmin version 1.1.5 and represents a critical reflected cross-site scripting flaw that undermines the security of web applications. This issue resides within the application's handling of user input parameters, specifically the newdb parameter in the moadmin.php file, which fails to properly sanitize or validate incoming data before incorporating it into the application's response. The vulnerability is classified under CWE-79 as a classic reflected cross-site scripting weakness, where malicious input is immediately reflected back to users without adequate sanitization, creating a vector for malicious code execution.

Exploitation works by manipulating the newdb parameter in the application's URL. An attacker constructs a URL carrying a JavaScript payload in newdb; when a victim opens it, the reflected payload executes in the victim's browser session. Because no authentication is required, anyone who can get a user to visit the crafted link can exploit the flaw. The impact goes beyond simple script injection: it can enable session hijacking, credential theft, or redirection to malicious websites.

The operational impact of CVE-2019-25453 poses significant risks to organizations utilizing phpMoAdmin 1.1.5, as it allows attackers to compromise user sessions and potentially gain unauthorized access to database management interfaces. This vulnerability aligns with ATT&CK technique T1531 which focuses on use of the command and control infrastructure, and T1059 which covers execution through scripting languages. The reflected nature of the vulnerability means that the attack payload is immediately reflected back to the victim's browser, making it particularly effective for social engineering campaigns where attackers can craft convincing malicious URLs. The vulnerability's exploitation can lead to complete browser compromise, allowing attackers to perform actions on behalf of the victim, steal sensitive information, or redirect users to phishing sites.

Organizations should immediately deploy multiple layers of defense, starting with the mandatory upgrade to a phpMoAdmin version that patches this reflected XSS issue. Mitigation should combine input validation with output encoding so that reflected values cannot execute as script in the browser. Content Security Policy (CSP) headers should be used to restrict script execution and block the loading of unauthorized scripts. Administrators should also enforce sanitization and validation of all user-supplied input, particularly parameters such as newdb that are reflected directly into the application's response. The flaw illustrates the importance of secure coding practices and of the OWASP Top Ten guidance on preventing cross-site scripting through proper input validation and output encoding.
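As an added illustration (not part of the VulDB advisory or of phpMoAdmin's own code), the two controls the mitigation paragraph names, an allow-list check on the newdb value and HTML output encoding, applied as a detector over constructed access-log lines. The database-name pattern and the log lines are assumptions made for the example.

```python
import html
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Feb/2026:10:01:02 +0000] "GET /moadmin.php?newdb=inventory HTTP/1.1" 200 5120
203.0.113.9 - - [21/Feb/2026:10:02:17 +0000] "GET /moadmin.php?newdb=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 5210
198.51.100.7 - - [21/Feb/2026:10:03:44 +0000] "GET /moadmin.php?db=admin&collection=users HTTP/1.1" 200 4096
203.0.113.9 - - [21/Feb/2026:10:04:01 +0000] "GET /moadmin.php?newdb=x%22%20onmouseover%3D%22alert(2) HTTP/1.1" 200 5210
"""

LOG_RE = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})')
# Assumed allow-list for a database name: short, alphanumeric plus '_' and '-'. Anything else is not a name.
DB_NAME_RE = re.compile(r"^[A-Za-z0-9_-]{1,63}$")


def is_safe_db_name(value: str) -> bool:
    """Allow-list check: True only for values that look like a plain database name."""
    return DB_NAME_RE.fullmatch(value) is not None


def encode_for_html(value: str) -> str:
    """Output encoding for HTML text/attribute context (the fix the advisory calls for)."""
    return html.escape(value, quote=True)


def newdb_from_request(request_line: str) -> Optional[str]:
    """Return the percent-decoded newdb value of a moadmin.php request, or None if absent."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None
    target = urlsplit(parts[1])
    if not target.path.endswith("/moadmin.php"):
        return None
    values = parse_qs(target.query, keep_blank_values=True).get("newdb")
    return values[0] if values else None


def scan_log(log_text: str) -> list:
    """Flag requests whose newdb value fails the allow-list and show the safely encoded form."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        value = newdb_from_request(m.group("req"))
        if value is None or is_safe_db_name(value):
            continue
        findings.append({"client": m.group("client"), "ts": m.group("ts"),
                         "newdb": value, "encoded": encode_for_html(value)})
    return findings
```

Running scan_log over the sample flags the two requests from 203.0.113.9 and leaves the plain "inventory" request and the request without newdb untouched.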

Responsible: VulnCheck
Reservation: 02/20/2026
Disclosure: 02/21/2026
Moderation: accepted
CPE: ready
Exploit: Download
EPSS: 0.00132
KEV: no
Activities: very low
