Home > Vulnerability Database > CVE-2022-23808

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2022-23808

Good to know:

Date: January 21, 2022

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Language: PHP

Severity Score

6.1

Related Resources (9)

Url: https://www.phpmyadmin.net/security/PMASA-2022-2/

Url: https://www.phpmyadmin.net/security/PMASA-2022-2

Url: https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38

Url: https://github.com/phpmyadmin/phpmyadmin

Url: https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59

Url: https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

Url: https://security.gentoo.org/glsa/202311-17

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23808

Url: https://www.mend.io/vulnerability-database/CVE-2022-23808

Severity Score

6.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version RELEASE_5_1_2

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Do you need more information?

Contact Us