vulnerability
phpMyAdmin: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0813)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Mar 10, 2022 | Mar 14, 2022 | Apr 7, 2026 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Mar 10, 2022
Added
Mar 14, 2022
Modified
Apr 7, 2026
Description
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
Solution
phpmyadmin-upgrade-latest
References
- CVE-2022-0813
- https://attackerkb.com/topics/CVE-2022-0813
- CWE-200
- EUVD-EUVD-2022-1557
- https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-1557
- https://security.gentoo.org/glsa/202311-17
- https://www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
- https://www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.