CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

Design/Logic Flaw

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

Authentication flaw

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

UBUNTU-CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

UBUNTU-CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

CVE-2022-23808

CVE-2022-23808 affects phpMyAdmin 5.1 and earlier up to 5.1.1, where an attacker can inject code into the setup script, enabling XSS/HTML injection. Versions prior to 5.1.2 are vulnerable; upgrade to 5.1.2+ to mitigate. Public PoC/exploit content exists in third-party repositories (e.g., GitHub) ...

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

phpMyAdmin 授权问题漏洞

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting, and modifying database tables, executing SQL script commands, and more. A security vulnerability exists in phpMyAdmin, which stems...

CVE-2022-23807

CVE-2022-23807 affects phpMyAdmin: authenticated users can bypass two-factor authentication for future logins. Affected versions are phpMyAdmin 4.9.x before 4.9.8 and 5.1.x before 5.1.2. Exploitation details are not provided beyond the 2FA bypass scenario in the sources. Remediation available in ...

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

phpMyAdmin 跨站脚本漏洞

phpMyAdmin is a free, web-based MySQL database management tool from the Phpmyadmin team. The tool is capable of creating and deleting databases, creating, deleting and modifying database tables, executing SQL script commands, etc. phpMyAdmin suffers from a cross-site scripting vulnerability that...

CVE-2022-23808

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection...

CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances...

OpenBMCS 2.4 - Information Disclosure

Exploit Title: OpenBMCS 2.4 - Information Disclosure Exploit Author: LiquidWorm Date: 26/10/2021 OpenBMCS 2.4 Secrets Disclosure Vendor: OPEN BMCS Product web page: https://www.openbmcs.com Affected version: 2.4 Summary: Building Management & Controls System BMCS. No matter what the size of your...

Multiple XSS and HTML injection attacks in setup script

PMASA-2022-2 Announcement-ID: PMASA-2022-2 Date: 2022-01-10 Summary Multiple XSS and HTML injection attacks in setup script Description A series of weaknesses has been discovered that could allow an attacker to inject malicious code in to aspects of the setup script, which can allow XSS or HTML...

Two factor authentication bypass

PMASA-2022-1 Announcement-ID: PMASA-2022-1 Date: 2022-01-10 Summary Two factor authentication bypass Description There is a sequence of actions a valid user can take that will allow them to bypass two factor authentication for that account. A user must first connect to phpMyAdmin presumably using...