CVE-2022-23808

MEDIUM6.1EPSS 49.4%

Cross-site Scripting in phpmyadmin

發布日:2022/1/28修改日:2024/4/22

也稱為:GHSA-vcwc-6mr9-8m7cBIT-phpmyadmin-2022-23808

描述

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

受影響套件(3)

Bitnami/phpmyadmin>= 5.1.0, < 5.1.2
Debian/phpmyadminfrom 0
Packagist/phpmyadmin/phpmyadmin>= 5.1.0, < 5.1.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM6.1	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

參考連結(9)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-23808
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2022-23808
PATCHhttps://github.com/phpmyadmin/phpmyadmin
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
WEBhttps://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
WEBhttps://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97
WEBhttps://security.gentoo.org/glsa/202311-17
WEBhttps://www.phpmyadmin.net/security/PMASA-2022-2
WEBhttps://www.phpmyadmin.net/security/PMASA-2022-2/