Home / Early Warning / Security Advisories / PhpMyAdmin exposure of sensitive information

PhpMyAdmin exposure of sensitive information

Publication date: 
03/08/2022
Importance: 
3 - Media
Affected resources: 

PhpMyAdmin version 5.1.1 and before.

Description: 

INCIBE has coordinated the publication of a vulnerability in phpMyAdmin, with the internal code INCIBE-2022-0636, which has been discovered by Rafael Pedrero.

CVE-2022-0813 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3  has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Solution: 

This vulnerability has been solved by the phpMyAdmin team in the 5.1.3 version released on 11/02/2022.

Detail: 

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

CWE-200: exposure of Sensitive Information to an Unauthorized Actor

If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.

Encuesta valoración