CVE-2022-23808
Published 2022-01-22
Priority P3 · 44 · medium · 6.1 CVSS 3.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 7.94% (94.0th percentile)
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | phpmyadmin | < phpmyadmin 4:5.1.3+dfsg1-1 (bookworm) | phpmyadmin 4:5.1.3+dfsg1-1 (bookworm) |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.1.3+dfsg1-1 | 4:5.1.3+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.1.3+dfsg1-1 | 4:5.1.3+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 0 < 4:5.1.3+dfsg1-1 | 4:5.1.3+dfsg1-1 |
| phpmyadmin | phpmyadmin | >= 5.1.0 < 5.1.2 | 5.1.2 |
| phpmyadmin | phpmyadmin | >= 5.1.0 < 5.1.2 | 5.1.2 |
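CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 6.1 | MEDIUM | |
| vendor_debian | | 6.1 | LOW | |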
OSV
Cross-site Scripting in phpmyadmin
osv·2022-01-28
CVE-2022-23808 [MEDIUM] Cross-site Scripting in phpmyadmin
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
GHSA
Cross-site Scripting in phpmyadmin
ghsa·2022-01-28
CVE-2022-23808 [MEDIUM] CWE-79 Cross-site Scripting in phpmyadmin
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
OSV
CVE-2022-23808: An issue was discovered in phpMyAdmin 5
osv·2022-01-22·CVSS 6.1
CVE-2022-23808 [MEDIUM] CVE-2022-23808: An issue was discovered in phpMyAdmin 5
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
CISA ICS
Festo Didactic SE MES PC
cisa_ics·2026-01-27·CVSS 7.5
[HIGH] Festo Didactic SE MES PC
ICS Advisory
## Festo Didactic SE MES PC
Release Date: January 27, 2026
Alert Code: ICSA-26-027-02
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
## Summary
MES PCs shipped with Windows 10 come pre-installed with XAMPP. XAMPP is a bundle of third-party open-source applications including the Apache HTTP Server, the MariaDB database and more. From time to time, vulnerabilities in these applications are discovered. These are fixed in newer versions of XAMPP by updating the bundled applications. MES PCs shipped with Windows 10 include a copy of XAMPP which contains around 140 such vulnerabilities listed in this advisory. They can be fixed by replacing XAMPP with Festo Didactic's Factory Control Panel application.
The
Debian
CVE-2022-23808: phpmyadmin - An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject m...
vendor_debian·2022·CVSS 6.1
CVE-2022-23808 [MEDIUM] CVE-2022-23808: phpmyadmin - An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject m...
An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Scope: local
bookworm: resolved (fixed in 4:5.1.3+dfsg1-1)
bullseye: open
forky: resolved (fixed in 4:5.1.3+dfsg1-1)
sid: resolved (fixed in 4:5.1.3+dfsg1-1)
trixie: resolved (fixed in 4:5.1.3+dfsg1-1)
No detection rules found.
Nuclei
phpMyAdmin < 5.1.2 - Cross-Site Scripting
nuclei·CVSS 6.1
CVE-2022-23808 [MEDIUM] phpMyAdmin < 5.1.2 - Cross-Site Scripting
phpMyAdmin alert(document.domain)"
```yaml
          - "Add a new server"
          - "phpMyAdmin setup"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008008b74511d6c9e445768abdc455883199fb135129bfa84af39c78bf437519fe022044090552eb8df966cd259f69eb31b47c6a5dc1be260bb358ff807eac521933c8:922c64590222798bb761d5b6d8e72950
```
- https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97
- https://security.gentoo.org/glsa/202311-17
- https://www.phpmyadmin.net/security/PMASA-2022-2/
Published: 2022-01-22