Information security specialists confirmed the detection of a severe vulnerability in phpMyAdmin, a popular web application that provides MySQL database administration functions, in a very simple way and with an easy-to-operate interface. According to the report, the successful exploitation of these flaws would have allowed threat actors to access confidential records.

Tracked as CVE-2022-0813, this flaw exists due to excessive data output by the application in the “lang” and “pma_parameter” parameters and the cookie section, which would allow remote threat actors to gain unauthorized access to sensitive information on the affected system.

The flaw received a score of 4.6/10 according to the Common Vulnerability Scoring System (CVSS) and its successful exploitation could put victims’ confidential information at risk, say computer security specialists.

According to the report, the vulnerability resides in all versions of phpMyAdmin between v4.9.0 and v5.1.1.

While this issue can be exploited by unauthenticated remote threat actors, so far no active exploitation attempts or the existence of an attack variant associated with this bug have been detected. Still, phpMyAdmin developers recommend users of vulnerable deployments to install the updates as soon as possible.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Information disclosure vulnerability in phpMyAdmin: Update immediately appeared first on Information Security Newspaper | Hacking News.

source

You May Also Like

Vulnerability in Linux distributions allows threat actors to escalate privileges

Cybersecurity specialists report the detection of an authentication bypass flaw in the…

Critical remote code execution vulnerabilities in TP-Link Archer C90 and TL-WA1201 routers

Cybersecurity specialists report the detection of two critical vulnerabilities in some router…

CVE-2021-20026: Command injection vulnerability residing in SonicWall Network Security Manager patched. Update now

Nikita Abramov, a researcher at security firm Positive Technologies, issued an alert…