Lucene search

GoogleOSV:BIT-PHPMYADMIN-2022-23808

HistoryMar 06, 2024 - 11:01 a.m.

BIT-phpmyadmin-2022-23808

2024-03-0611:01:38

Google

osv.dev

phpmyadmin

version 5.1.2

setup script

xss

html injection

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

References

infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

security.gentoo.org/glsa/202311-17

www.phpmyadmin.net/security/PMASA-2022-2/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

0.013

Percentile

86.2%

JSON

Related for OSV:BIT-PHPMYADMIN-2022-23808