Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS12Y3djLTZtcjktOG03Y80l9A
Cross-site Scripting in phpmyadmin
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Permalink: https://github.com/advisories/GHSA-vcwc-6mr9-8m7cJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12Y3djLTZtcjktOG03Y80l9A
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: 7 months ago
CVSS Score: 6.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Identifiers: GHSA-vcwc-6mr9-8m7c, CVE-2022-23808
References:
- https://nvd.nist.gov/vuln/detail/CVE-2022-23808
- https://www.phpmyadmin.net/security/PMASA-2022-2/
- https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
- https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
- https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97
- https://security.gentoo.org/glsa/202311-17
- https://github.com/advisories/GHSA-vcwc-6mr9-8m7c
Blast Radius: 7.2
Affected Packages
packagist:phpmyadmin/phpmyadmin
Dependent packages: 4Dependent repositories: 15
Downloads: 322,759 total
Affected Version Ranges: >= 5.1.0, < 5.1.2
Fixed in: 5.1.2
All affected versions: 5.1.0, 5.1.1
All unaffected versions: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.7.0, 4.7.1, 4.7.2, 4.7.3, 4.7.4, 4.7.5, 4.7.6, 4.7.7, 4.7.8, 4.7.9, 4.8.0, 4.8.1, 4.8.2, 4.8.3, 4.8.4, 4.8.5, 4.9.0, 4.9.1, 4.9.2, 4.9.3, 4.9.4, 4.9.5, 4.9.6, 4.9.7, 4.9.8, 4.9.9, 4.9.10, 4.9.11, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.1.2, 5.1.3, 5.1.4, 5.2.0, 5.2.1