{"id":"UBUNTU-CVE-2022-23808","details":"An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.","modified":"2026-01-20T17:25:07.608259Z","published":"2022-01-22T02:15:00Z","upstream":["CVE-2022-23808"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2022-23808"},{"type":"REPORT","url":"https://www.phpmyadmin.net/security/PMASA-2022-2/"},{"type":"REPORT","url":"https://github.com/phpmyadmin/phpmyadmin/commit/5118acce1dfcdb09cbc0f73927bf51c46feeaf38"},{"type":"REPORT","url":"https://github.com/phpmyadmin/phpmyadmin/commit/44eb12f15a562718bbe54c9a16af91ceea335d59"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2022-23808"}],"affected":[{"package":{"name":"phpmyadmin","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/phpmyadmin@4:5.1.1+dfsg1-5ubuntu1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:5.0.4+dfsg2-2ubuntu5","4:5.1.1+dfsg1-5ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_name":"phpmyadmin","binary_version":"4:5.1.1+dfsg1-5ubuntu1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23808.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/phpmyadmin@4:5.2.1+dfsg-3?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:5.2.1+dfsg-1ubuntu1","4:5.2.1+dfsg-2ubuntu1","4:5.2.1+dfsg-2ubuntu2","4:5.2.1+dfsg-3"],"ecosystem_specific":{"binaries":[{"binary_name":"phpmyadmin","binary_version":"4:5.2.1+dfsg-3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23808.json"}},{"package":{"name":"phpmyadmin","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/phpmyadmin@4:5.2.2-really+dfsg-2?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["4:5.2.2-really5.2.2+20250121+dfsg-1","4:5.2.2-really+dfsg-1","4:5.2.2-really+dfsg-2"],"ecosystem_specific":{"binaries":[{"binary_name":"phpmyadmin","binary_version":"4:5.2.2-really+dfsg-2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-23808.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"},{"type":"Ubuntu","score":"medium"}]}