CVE-2022-23807

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-23807

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23807.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-23807

Aliases

Downstream

DEBIAN-CVE-2022-23807

UBUNTU-CVE-2022-23807

openSUSE-SU-2023:0047-1

openSUSE-SU-2023:0154-1

openSUSE-SU-2024:11765-1

Related

Published

2022-01-22T02:15:07Z

Modified

2025-09-19T13:46:18.096927Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type: GIT
Repo: https://github.com/phpmyadmin/phpmyadmin
Events: Introduced

4ab33481be875d188d5e5c0860dd1499cd92e9d3

Fixed

1a02b323965f9120782ca1a4549096e00c071603

Affected versions

Other

RELEASE_4_9_0

RELEASE_4_9_0_1

RELEASE_4_9_1

RELEASE_4_9_2

RELEASE_4_9_3

RELEASE_4_9_4

RELEASE_4_9_5

RELEASE_4_9_6

RELEASE_4_9_7