CVE-2022-23808

Context 

This CVE was discovered in the database administration panel of phpMyAdmin version 5.1.1 to 5.1.2.
Because the vulnerability requires being authenticated to the administration panel, we could not exploit it. However, public details are accessible on the Internet: https://github.com/dipakpanchal05/CVE-2022-23808
 

Consequences 

Cyber-terms 

We can trigger an XSS vulnerability (malicious user input that leads to JavaScript execution in the victim's browser). Exploitation of an XSS vulnerability can lead to user impersonation or account theft on the phpMyAdmin platform.
 

Managerial terms

An authenticated user could exploit a lack of sanitisation of user inputs and could impersonate high-privilege accounts. Usage of those privileged accounts can lead to indirect financial losses.
For a quick diagram to understand XSS, please refer to:
 

Remediation

The only way to remediate this vulnerability is to upgrade the phpMyAdmin platform to the latest version.