GHSA-vx8q-j7h9-vf6q

Suggest an improvement
Source
https://github.com/advisories/GHSA-vx8q-j7h9-vf6q
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-vx8q-j7h9-vf6q/GHSA-vx8q-j7h9-vf6q.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-vx8q-j7h9-vf6q
Aliases
Published
2022-03-11T00:02:24Z
Modified
2024-04-22T19:16:05.684150Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
Details

PhpMyAdmin before 5.1.3 allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

Database specific
{
    "nvd_published_at": "2022-03-10T17:44:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2022-03-14T22:48:02Z"
}
References

Affected packages

Packagist / phpmyadmin/phpmyadmin

Package

Name
phpmyadmin/phpmyadmin
Purl
pkg:composer/phpmyadmin/phpmyadmin

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.1.3

Affected versions

4.*

4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.4.1
4.0.4.2
4.0.5
4.0.6
4.0.7
4.0.8
4.0.9
4.0.10
4.0.10.1
4.0.10.2
4.0.10.3
4.0.10.4
4.0.10.5
4.0.10.6
4.0.10.7
4.0.10.8
4.0.10.9
4.7.0
4.7.1
4.7.2
4.7.3
4.7.4
4.7.5
4.7.6
4.7.7
4.7.8
4.7.9
4.8.0
4.8.0.1
4.8.1
4.8.2
4.8.3
4.8.4
4.8.5
4.9.0
4.9.0.1
4.9.1
4.9.2
4.9.3
4.9.4
4.9.5
4.9.6
4.9.7
4.9.8
4.9.9
4.9.10
4.9.11

5.*

5.0.0
5.0.0.1
5.0.1
5.0.2
5.0.3
5.0.4
5.1.0
5.1.1
5.1.2