Lucene search

Ubuntu.comUB:CVE-2022-23808

HistoryJan 22, 2022 - 12:00 a.m.

CVE-2022-23808

2022-01-2200:00:00

ubuntu.com

phpmyadmin

setup script

xss

html injection

security issue

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.013

Percentile

86.2%

JSON

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can
inject malicious code into aspects of the setup script, which can allow XSS
or HTML injection.

OSVersionArchitecturePackageVersionFilename
ubuntu22.04noarchphpmyadmin< anyUNKNOWN
ubuntu24.04noarchphpmyadmin< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	22.04	noarch	phpmyadmin	< any	UNKNOWN
ubuntu	24.04	noarch	phpmyadmin	< any	UNKNOWN

References

github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59

github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38

launchpad.net/bugs/cve/CVE-2022-23808

nvd.nist.gov/vuln/detail/CVE-2022-23808

security-tracker.debian.org/tracker/CVE-2022-23808

www.cve.org/CVERecord?id=CVE-2022-23808

www.phpmyadmin.net/security/PMASA-2022-2/

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.013

Percentile

86.2%

JSON

Related for UB:CVE-2022-23808