CVE-2022-23807

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

Database specific

{
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "4.9"
                },
                {
                    "fixed": "4.9.8"
                },
                {
                    "introduced": "5.1"
                },
                {
                    "fixed": "5.1.2"
                }
            ],
            "source": "DESCRIPTION"
        }
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23807.json",
    "cna_assigner": "mitre"
}

References

Affected packages

Git / github.com/phpmyadmin/phpmyadmin

Affected ranges

Type

GIT

Repo

https://github.com/phpmyadmin/phpmyadmin

Events

Introduced

4ab33481be875d188d5e5c0860dd1499cd92e9d3

Fixed

1a02b323965f9120782ca1a4549096e00c071603

Introduced

333edd4a793e95a04ee97951ee48807350dca728

Fixed

62563091364a6fcebb67bace94febbd4acdca0f7

Database specific

{
    "extracted_events": [
        {
            "introduced": "4.9.0"
        },
        {
            "fixed": "4.9.8"
        },
        {
            "introduced": "5.1.0"
        },
        {
            "fixed": "5.1.2"
        }
    ],
    "cpe": "cpe:2.3:a:phpmyadmin:phpmyadmin:*:*:*:*:*:*:*:*",
    "source": "CPE_FIELD"
}

Affected versions

Other

RELEASE_4_9_0

RELEASE_4_9_0_1

RELEASE_4_9_1

RELEASE_4_9_2

RELEASE_4_9_3

RELEASE_4_9_4

RELEASE_4_9_5

RELEASE_4_9_6

RELEASE_4_9_7

RELEASE_5_1_0

RELEASE_5_1_1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23807.json"