BIT-phpmyadmin-2022-23808

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/phpmyadmin/BIT-phpmyadmin-2022-23808.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-phpmyadmin-2022-23808

Aliases

CVE-2022-23808
GHSA-vcwc-6mr9-8m7c

Published

2024-03-06T11:01:38.671Z

Modified

2024-03-06T11:25:28.861Z

Summary

[none]

Details

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Database specific

{
    "cpes": [
        "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}

References

https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97
https://security.gentoo.org/glsa/202311-17
https://www.phpmyadmin.net/security/PMASA-2022-2/

Affected packages

Bitnami / phpmyadmin

Package

Name: phpmyadmin
Purl: pkg:bitnami/phpmyadmin

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

5.1.0

Fixed

5.1.2