CVE-2022-23808

Name: CVE-2022-23808
Description: An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| phpmyadmin (PTS) | jessie, jessie (lts) | 4:4.2.12-2+deb8u12 | vulnerable |
| | stretch (security) | 4:4.6.6-4+deb9u2 | vulnerable |
| | stretch (lts), stretch | 4:4.6.6-4+deb9u3 | vulnerable |
| | bullseye | 4:5.0.4+dfsg2-2+deb11u1 | vulnerable |
| | bookworm | 4:5.2.1+dfsg-1 | fixed |
| | sid, trixie | 4:5.2.2-really5.2.2+20241130+dfsg-1 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| phpmyadmin | source | (unstable) | 4:5.1.3+dfsg1-1 | unimportant | | |

Notes

https://www.phpmyadmin.net/security/PMASA-2022-2/
https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38
https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59
https://salsa.debian.org/phpmyadmin-team/phpmyadmin/-/issues/28 (setup not available)
