CVE-2022-23808

MEDIUM NUCLEI

phpMyAdmin <5.1.2 - Code Injection

Title source: llm

Description

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Exploits (2)

nomisec WRITEUP 115 stars

by dipakpanchal05 · poc

https://github.com/dipakpanchal05/CVE-2022-23808

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/dipakpanchal456/cve-2022-23808

View Code ZIP pw:eip

Nuclei Templates (1)

phpMyAdmin < 5.1.2 - Cross-Site Scripting

MEDIUMVERIFIEDby cckuailong,daffainfo

Shodan: http.component:"phpmyadmin" || http.title:"phpmyadmin" || cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"

FOFA: title="phpmyadmin" || body="pma_servername" && body="4.8.4"

References (3)

[Various Sources] https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

[Patch, Vendor Advisory] https://www.phpmyadmin.net/security/PMASA-2022-2/

[Third Party Advisory] https://security.gentoo.org/glsa/202311-17

Scores

CVSS v3 6.1

EPSS 0.4879

EPSS Percentile 97.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (2)

phpmyadmin/phpmyadmin 5.1.0 - 5.1.2

phpmyadmin/phpmyadmin 5.1.0 - 5.1.2Packagist

Published Jan 22, 2022

Tracked Since Feb 18, 2026