vulnerability

phpMyAdmin: Improper Neutralization of Input During Web Page Generation (CVE-2022-23808)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:P/A:N)	Jan 22, 2022	Jan 31, 2022	May 21, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:P/A:N)

Published

Jan 22, 2022

Added

Jan 31, 2022

Modified

May 21, 2026

Description

An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.

Solution

phpmyadmin-upgrade-latest

References

CVE-2022-23808
https://attackerkb.com/topics/CVE-2022-23808
https://infosecwriteups.com/exploit-cve-2022-23808-85041c6e5b97
https://security.gentoo.org/glsa/202311-17
https://www.phpmyadmin.net/security/PMASA-2022-2/
https://euvd.enisa.europa.eu/vulnerability/EUVD-2022-0704
CWE-79
EUVD-EUVD-2022-0704

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report