Information disclosure vulnerability in phpMyAdmin: Update immediately

Information security specialists confirmed the detection of a severe vulnerability in phpMyAdmin, a popular web application that provides MySQL database administration through a simple, easy-to-operate interface. According to the report, successful exploitation of this flaw would allow threat actors to access confidential records.

Tracked as CVE-2022-0813, this flaw exists due to excessive data output by the application in the “lang” and “pma_parameter” parameters and the cookie section, which would allow remote threat actors to gain unauthorized access to sensitive information on the affected system.

The flaw received a score of 4.6/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation could put victims’ confidential information at risk, say computer security specialists.

According to the report, the vulnerability resides in all versions of phpMyAdmin between v4.9.0 and v5.1.1.

While this issue can be exploited by unauthenticated remote threat actors, no active exploitation attempts or attack variants associated with this bug have been detected so far. Still, phpMyAdmin developers recommend that users of vulnerable deployments install the updates as soon as possible.
