A security researcher has published details and proof-of-concept for an unpatched zero-day vulnerability in PHPMyAdmin. The vulnerability claims to be a cross-site request forgery (CSRF) flaw, also known as XSRF, a well-known attack wherein attackers trick authenticated users into executing an unwanted action. The flaw is trivial to exploit because other than knowing the URL of a targeted server, an attacker doesn’t need to know any other information, like the name of the databases.
Source: https://thehackernews.com/2019/09/phpmyadmin-csrf-exploit.html