CVE-2022-0813: Exposure of Sensitive Information to an Unauthorized Actor

March 10, 2022 (updated November 26, 2023)

PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.

References

nvd.nist.gov/vuln/detail/CVE-2022-0813
www.incibe-cert.es/en/early-warning/security-advisories/phpmyadmin-exposure-sensitive-information
www.phpmyadmin.net/news/2022/2/11/phpmyadmin-4910-and-513-are-released/

Detect and mitigate CVE-2022-0813 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →