ALT-PU-2022-1767-2 — phpMyAdmin

BDU:2022-01640

MEDIUM5.3

Уязвимость веб-интерфейса веб-приложения для администрирования cистем управления базами данных phpMyAdmin, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2022-03-31

CVSS 3.xMEDIUM 5.3

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

References

CVE-2022-0813

CVE-2022-0813

HIGH7.5

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

Published: 2022-03-10Modified: 2024-11-21

CVSS 2.0MEDIUM 5.0

CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

CVE-2022-23807

MEDIUM4.3

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

Published: 2022-01-22Modified: 2024-11-21

CVSS 2.0MEDIUM 4.0

CVSS:2.0/AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

CVE-2022-23808

MEDIUM6.1

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Published: 2022-01-22Modified: 2025-05-05

CVSS 2.0MEDIUM 4.3

CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

GHSA-8wf2-3ggj-78q9

MEDIUM4.3

Improper Authentication in phpmyadmin

Published: 2022-01-29Modified: 2024-04-22

CVSS 3.xMEDIUM 4.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References

GHSA-vcwc-6mr9-8m7c

MEDIUM6.1

Cross-site Scripting in phpmyadmin

Published: 2022-01-29Modified: 2024-04-22

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

GHSA-vx8q-j7h9-vf6q

HIGH7.5

Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin

Published: 2022-03-11Modified: 2024-04-22

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

Package update phpMyAdmin in branch sisyphus

Closed issues (7)

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Improper Authentication in phpmyadmin

Cross-site Scripting in phpmyadmin

Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin