CVE-2022-23808

MEDIUM NUCLEI

phpMyAdmin <5.1.2 - Code Injection

Title source: llm

Description

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Exploits (2)

nomisec WRITEUP 115 stars

by dipakpanchal05 · poc

https://github.com/dipakpanchal05/CVE-2022-23808

View Code ZIP pw:eip

inthewild WRITEUP

poc

https://github.com/dipakpanchal456/cve-2022-23808

View Code ZIP pw:eip

Nuclei Templates (1)

phpMyAdmin < 5.1.2 - Cross-Site Scripting

MEDIUMVERIFIEDby cckuailong,daffainfo

Shodan: http.component:"phpmyadmin" || http.title:"phpmyadmin" || cpe:"cpe:2.3:a:phpmyadmin:phpmyadmin"

FOFA: title="phpmyadmin" || body="pma_servername" && body="4.8.4"

References (3)

[Various Sources] https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97

[Patch, Vendor Advisory] https://www.phpmyadmin.net/security/PMASA-2022-2/

[Third Party Advisory] https://security.gentoo.org/glsa/202311-17

Scores

CVSS v3 6.1

EPSS 0.6841

EPSS Percentile 98.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

phpmyadmin/phpmyadmin < 5.1.2

phpmyadmin/phpmyadmin < 5.1.2Packagist

Timeline

Published Jan 22, 2022

Tracked Since Feb 18, 2026