CVE-2022-23808

Name: CVE-2022-23808
Description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| phpmyadmin (PTS) | stretch | 4:4.6.6-4+deb9u1 | vulnerable |
| | stretch (security) | 4:4.6.6-4+deb9u2 | vulnerable |
| | bullseye | 4:5.0.4+dfsg2-2 | vulnerable |
| | bookworm, sid | 4:5.1.3+dfsg1-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| phpmyadmin | source | (unstable) | 4:5.1.3+dfsg1-1 | unimportant | | |

Notes

https://www.phpmyadmin.net/security/PMASA-2022-2/
https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
