Cross-site request forgery (CSRF) ¶

An attacker would trick a phpMyAdmin user into clicking on a link to provoke some action in phpMyAdmin. This link could either be sent via email or some random website. If successful this the attacker would be able to perform some action with the users privileges.

To mitigate this phpMyAdmin requires a token to be sent on sensitive requests. The idea is that an attacker does not poses the currently valid token to include in the presented link.

The token is regenerated for every login, so it's generally valid only for limited time, what makes it harder for attacker to obtain valid one.