Home > Vulnerability Database > CVE-2022-23807

Mend.io Vulnerability Database

CVE-2022-23807

Good to know:

Date: January 21, 2022

An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.

Language: PHP

Severity Score

4.3

Related Resources (7)

Url: https://www.phpmyadmin.net/security/PMASA-2022-1

Url: https://www.phpmyadmin.net/security/PMASA-2022-1/

Url: https://github.com/phpmyadmin/phpmyadmin

Url: https://security.gentoo.org/glsa/202311-17

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-23807

Url: https://github.com/phpmyadmin/phpmyadmin/commit/ca54f1db050859eb8555875c6aa5d7796fdf4b32

Url: https://www.mend.io/vulnerability-database/CVE-2022-23807

Severity Score

4.3

Weakness Type (CWE)

Improper Authentication

CWE-287

Top Fix

Upgrade Version

Upgrade to version mehrwert/phpmyadmin - phpmyadmin_3_7_0;mehrwert/phpmyadmin - 6.0.0;mehrwert/phpmyadmin - 5.6.1;phpmyadmin/phpmyadmin - 5.1.2;phpmyadmin/phpmyadmin - 5.1.x-dev;phpmyadmin/phpmyadmin - 4.8.0.1;phpmyadmin/phpmyadmin - 4.9.8;phpmyadmin/phpmyadmin - dev-dependabot/npm_and_yarn/hosted-git-info-2.8.9

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2022-23807

Good to know:

Date: January 21, 2022

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?