ASA-2018-00072 – phpMyAdmin: XSRF/CSRF vulnerability due to application receiving parameters via GET

By deceiving a user to click on a crafted URL, it is possible to perform harmful SQL operations such as renaming databases, creating new tables/routines, deleting designer pages, adding/deleting users, updating user passwords, killing SQL processes, etc.