Lucene search

[email protected]NVD:CVE-2022-23808

HistoryJan 22, 2022 - 2:15 a.m.

CVE-2022-23808

2022-01-2202:15:07

CWE-79

[email protected]

web.nvd.nist.gov

phpmyadmin

setup script

xss

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.013

Percentile

86.2%

JSON

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Affected configurations

Nvd

Node

phpmyadminphpmyadminRange5.1.0–5.1.2

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

security.gentoo.org/glsa/202311-17

www.phpmyadmin.net/security/PMASA-2022-2/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.013

Percentile

86.2%

JSON

Related for NVD:CVE-2022-23808

github1 cnvd1 veracode2 osv4 phpmyadmin1 ubuntucve1 githubexploit1 prion1 alpinelinux1 openvas6 nuclei1 cve1 debiancve1 cvelist1 fedora2 mageia1 gentoo1 nessus2