CVE-2022-0813 — Sensitive Information Exposure in Phpmyadmin

CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 45.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedMar 10

Latest updateMar 11

Description

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:5.1.3+dfsg1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin< 5.1.3

▶Debianphpmyadmin/phpmyadmin< 4:5.1.3+dfsg1-1+2

▶CVEListV5phpmyadmin/phpmyadmin5.1.1 — 5.1.1

▶NVDphpmyadmin/phpmyadmin5.1.1

🔴Vulnerability Details

OSV

Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin↗2022-03-11

▶

GHSA

Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin↗2022-03-11

▶

OSV

CVE-2022-0813: PhpMyAdmin 5↗2022-03-10

▶

📋Vendor Advisories

Debian

CVE-2022-0813: phpmyadmin - PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive...↗2022

▶