PhpMyAdmin exposure of sensitive information
PhpMyAdmin version 5.1.1 and before.
INCIBE has coordinated the publication of a vulnerability in phpMyAdmin, with the internal code INCIBE-2022-0636, which has been discovered by Rafael Pedrero.
CVE-2022-0813 has been assigned to this vulnerability. A CVSS v3.1 base score of 5.3 has been calculated; the CVSS vector string is AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.
This vulnerability has been solved by the phpMyAdmin team in the 5.1.3 version released on 11/02/2022.
PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.
CWE-200: exposure of Sensitive Information to an Unauthorized Actor
If you have any information regarding this advisory, please contact INCIBE as indicated in the CVE Assignment and publication section.