Lucene search

[email protected]NVD:CVE-2023-25727

HistoryFeb 13, 2023 - 6:15 a.m.

CVE-2023-25727

2023-02-1306:15:11

CWE-79

[email protected]

web.nvd.nist.gov

phpmyadmin

xss

.sql file

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

23.5%

JSON

In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.

Affected configurations

Nvd

Node

phpmyadminphpmyadminRange<4.9.11

phpmyadminphpmyadminRange5.0.0–5.2.1

VendorProductVersionCPE
phpmyadminphpmyadmin*cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpmyadmin	phpmyadmin	*	cpe:2.3:a:phpmyadmin:phpmyadmin::::::::

References

www.phpmyadmin.net/security/PMASA-2023-1/