CVE-2022-0813
MEDIUMphpMyAdmin < 5.1.1 and 5.1.2 - Exposure of Sensitive Information via Invalid Requests
Title source: llmDescription
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
References (3)
Core 3
Core References
Third Party Advisory vendor-advisory
https://security.gentoo.org/glsa/202311-17
Third Party Advisory
https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
Release Notes, Vendor Advisory
https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
Scores
CVSS v3
5.3
EPSS
0.0032
EPSS Percentile
54.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
phpmyadmin/phpmyadmin
< 5.1.1
phpmyadmin/phpmyadmin
0 - 5.1.3Packagist
Published
Mar 10, 2022
Tracked Since
Feb 18, 2026