CVE-2022-23808

CVE Database · CVE-2022-23808

CVE-2022-23808

· MEDIUMModified

CVSS v3.1

6.1

EPSS

7.96%

Published

Jan 21, 2022

Modified

May 5, 2025

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (1)

phpmyadmin · phpmyadmin (up to 5.1.2)vulnerable

References (6)

https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

https://security.gentoo.org/glsa/202311-17

https://www.phpmyadmin.net/security/PMASA-2022-2/

PatchVendor Advisory

https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

https://security.gentoo.org/glsa/202311-17

https://www.phpmyadmin.net/security/PMASA-2022-2/

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs