{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for phpMyAdmin","title":"Title of the patch"},{"category":"description","text":"This update for phpMyAdmin fixes the following issues:\n\nphpMyAdmin was updated to 5.2.1\n\nThis is a security and bufix release.\n\n* Security:\n\n  - Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) \n    Fix an XSS attack through the drag-and-drop upload feature.\n\n* Bugfixes:\n\n  - issue #17522 Fix case where the routes cache file is invalid\n  - issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick\n  - issue        Fix blank page when some error occurs\n  - issue #17519 Fix Export pages not working in certain conditions\n  - issue #17496 Fix error in table operation page when partitions are broken\n  - issue #17386 Fix system memory and system swap values on Windows\n  - issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive\n  - issue #17271 Fix database names not showing on Processes tab\n  - issue #17424 Fix export limit size calculation\n  - issue #17366 Fix refresh rate popup on Monitor page\n  - issue #17577 Fix monitor charts size on RTL languages\n  - issue #17121 Fix password_hash function incorrectly adding single quotes to password before hashing\n  - issue #17586 Fix statistics not showing for empty databases\n  - issue #17592 Clicking on the New index link on the sidebar does not throw an error anymore\n  - issue #17584 It's now possible to browse a database that includes two % in its name\n  - issue        Fix PHP 8.2 deprecated string interpolation syntax\n  - issue        Some languages are now correctly detected from the HTTP header\n  - issue #17617 Sorting is correctly remembered when $cfg['RememberSorting'] is true\n  - issue #17593 Table filtering now works when action buttons are on the right side of the row\n  - issue #17388 Find and Replace using regex now makes a valid query if no matching result set found\n  - issue #17551 Enum/Set editor will not fail to open when creating a new column\n  - issue #17659 Fix error when a database group is named tables, views, functions, procedures or events\n  - issue #17673 Allow empty values to be inserted into columns\n  - issue #17620 Fix error handling at phpMyAdmin startup for the JS SQL console\n  - issue        Fixed debug queries console broken UI for query time and group count\n  - issue        Fixed escaping of SQL query and errors for the debug console\n  - issue        Fix console toolbar UI when the bookmark feature is disabled and sql debug is enabled\n  - issue #17543 Fix JS error on saving a new designer page\n  - issue #17546 Fix JS error after using save as and open page operation on the designer\n  - issue        Fix PHP warning on GIS visualization when there is only one GIS column\n  - issue #17728 Some select HTML tags will now have the correct UI style\n  - issue #17734 PHP deprecations will only be shown when in a development environment\n  - issue #17369 Fix server error when blowfish_secret is not exactly 32 bytes long\n  - issue #17736 Add utf8mb3 as an alias of utf8 on the charset description page\n  - issue #16418 Fix FAQ 1.44 about manually removing vendor folders\n  - issue #12359 Setup page now sends the Content-Security-Policy headers\n  - issue #17747 The Column Visibility Toggle will not be hidden by other elements\n  - issue #17756 Edit/Copy/Delete row now works when using GROUP BY\n  - issue #17248 Support the UUID data type for MariaDB >= 10.7\n  - issue #17656 Fix replace/change/set table prefix is not working\n  - issue        Fix monitor page filter queries only filtering the first row\n  - issue        Fix 'Link not found!' on foreign columns for tables having no char column to show\n  - issue #17390 Fix 'Create view' modal doesn't show on results and empty results\n  - issue #17772 Fix wrong styles for add button from central columns\n  - issue #17389 Fix HTML disappears when exporting settings to browser's storage\n  - issue #17166 Fix 'Warning: #1287 'X' is deprecated [...] Please use ST_X instead.' on search page\n  - issue        Use jquery-migrate.min.js (14KB) instead of jquery-migrate.min.js (31KB)\n  - issue #17842 Use jquery.validate.min.js (24 KB) instead of jquery.validate.js (50 KB)\n  - issue #17281 Fix links to databases for information_schema.SCHEMATA\n  - issue #17553 Fix Metro theme unreadable links above navigation tree\n  - issue #17553 Metro theme UI fixes and improvements\n  - issue #17553 Fix Metro theme login form with\n  - issue #16042 Exported gzip file of database has first ~73 kB uncompressed and rest is gzip compressed in Firefox\n  - issue #17705 Fix inline SQL query edit FK checkbox preventing submit buttons from working\n  - issue #17777 Fix Uncaught TypeError: Cannot read properties of null (reading 'inline') on datepickers when re-opened\n  - issue        Fix Original theme buttons style and login form width\n  - issue #17892 Fix closing index edit modal and reopening causes it to fire twice\n  - issue #17606 Fix preview SQL modal not working inside 'Add Index' modal\n  - issue        Fix PHP error on adding new column on create table form\n  - issue #17482 Default to 'Full texts' when running explain statements\n  - issue        Fixed Chrome scrolling performance issue on a textarea of an 'export as text' page\n  - issue #17703 Fix datepicker appears on all fields, not just date\n  - issue        Fix space in the tree line when a DB is expanded\n  - issue #17340 Fix 'New Table' page -> 'VIRTUAL' attribute is lost when adding a new column\n  - issue #17446 Fix missing option for STORED virtual column on MySQL and PERSISTENT is not supported on MySQL\n  - issue #17446 Lower the check for virtual columns to MySQL>=5.7.6 nothing is supported on 5.7.5\n  - issue        Fix column names option for CSV Export\n  - issue #17177 Fix preview SQL when reordering columns doesn't work on move columns\n  - issue #15887 Fixed DROP TABLE errors ignored on multi table select for DROP\n  - issue #17944 Fix unable to create a view from tree view button\n  - issue #17927 Fix key navigation between select inputs (drop an old Firefox workaround)\n  - issue #17967 Fix missing icon for collapse all button\n  - issue #18006 Fixed UUID columns can't be moved\n  - issue        Add `spellcheck='false'` to all password fields and some text fields to avoid spell-jacking data leaks\n  - issue        Remove non working 'Analyze Explain at MariaDB.org' button (MariaDB stopped this service)\n  - issue #17229 Add support for Web Authentication API because Chrome removed support for the U2F API\n  - issue #18019 Fix 'Call to a member function fetchAssoc() on bool' with SQL mode ONLY_FULL_GROUP_BY on monitor search logs\n  - issue        Add back UUID and UUID_SHORT to functions on MySQL and all MariaDB versions\n  - issue #17398 Fix clicking on JSON columns triggers update query\n  - issue        Fix silent JSON parse error on upload progress\n  - issue #17833 Fix 'Add Parameter' button not working for Add Routine Screen\n  - issue #17365 Fixed 'Uncaught Error: regexp too big' on server status variables page\n\nUpdate to 5.2.0\n\n* Bugfix\n\n  - issue #16521 Upgrade Bootstrap to version 5\n  - issue #16521 Drop support for Internet Explorer and others\n  - issue        Upgrade to shapefile 3\n  - issue #16555 Bump minimum PHP version to 7.2\n  - issue        Remove the phpseclib dependency\n  - issue        Upgrade Symfony components to version 5.2\n  - issue        Upgrade to Motranslator 4\n  - issue #16005 Improve the performance of the Export logic\n  - issue #16829 Add NOT LIKE %...% operator to Table search\n  - issue #16845 Fixed some links not passing through url.php\n  - issue #16382 Remove apc upload progress method (all upload progress code was removed from the PHP extension)\n  - issue #16974 Replace zxcvbn by zxcvbn-ts\n  - issue #15691 Disable the last column checkbox in the column list dropdown instead of not allowing un-check\n  - issue #16138 Ignore the length of integer types and show a warning on MySQL >= 8.0.18\n  - issue        Add support for the Mroonga engine\n  - issue        Double click column name to directly copy to clipboard\n  - issue #16425 Add DELETE FROM table on table operations page\n  - issue #16482 Add a select all link for table-specific privileges\n  - issue #14276 Add support for account locking\n  - issue #17143 Use composer/ca-bundle to manage the CA cert file\n  - issue #17143 Require the openssl PHP extension\n  - issue #17171 Remove the printview.css file from themes\n  - issue #17203 Redesign the export and the import pages\n  - issue #16197 Replace the master/slave terminology\n  - issue #17257 Replace libraries/vendor_config.php constants with an array\n  - issue        Add the Bootstrap theme\n  - issue #17499 Remove stickyfilljs JavaScript dependency\n\nUpdate to 5.1.3\n\nThis is a security and bufix release.\n\n* Security\n\n  - Fix for boo#1197036 (CVE-2022-0813)\n  - Fix for path disclosure under certain server configurations\n    (if display_errors is on, for instance)\n\n* Bugfix\n\n  - issue #17308 Fix broken pagination links in the navigation sidebar\n  - issue #17331 Fix MariaDB has no support for system variable 'disabled_storage_engines'\n  - issue #17315 Fix unsupported operand types in Results.php when running 'SHOW PROCESSLIST' SQL query\n  - issue #17288 Fixed importing browser settings question box after login when having no pmadb\n  - issue #17288 Fix 'First day of calendar' user override has no effect\n  - issue #17239 Fixed repeating headers are not working\n  - issue #17298 Fixed import of email-adresses or links from ODS results in empty contents\n  - issue #17344 Fixed a type error on ODS import with non string values\n  - issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row\n\nUpdate to 5.1.2\n\nThis is a security and bufix release.\n\n* Security\n\n  - Fix boo#1195017 (CVE-2022-23807, PMASA-2022-1, CWE-661) \n    Two factor authentication bypass\n  - Fix boo#1195018 (CVE-2022-23808, PMASA-2022-2, CWE-661)\n    Multiple XSS and HTML injection attacks in setup script\n\n* Bugfixes\n\n  - Revert a changed to $cfg['CharTextareaRows'] allow values\n    less than 7\n  - Fix encoding of enum and set values on edit value\n  - Fixed possible 'Undefined index: clause_is_unique' error\n  - Fixed some situations where a user is logged out when working\n    with more than one server\n  - Fixed a problem with assigning privileges to a user using the\n    multiselect list when the database name has an underscore\n  - Enable cookie parameter 'SameSite' when the PHP version\n    is 7.3 or newer\n  - Correctly handle the removal of 'innodb_file_format' in\n    MariaDB and MySQL\n\n","title":"Description of the patch"},{"category":"details","text":"openSUSE-2023-47","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0047-1.json"},{"category":"self","summary":"URL for openSUSE-SU-2023:0047-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQ5VVS2CGDQ32RHYLQQZFFFADPEZO6KM/"},{"category":"self","summary":"E-Mail link for openSUSE-SU-2023:0047-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/VQ5VVS2CGDQ32RHYLQQZFFFADPEZO6KM/"},{"category":"self","summary":"SUSE Bug 1195017","url":"https://bugzilla.suse.com/1195017"},{"category":"self","summary":"SUSE Bug 1195018","url":"https://bugzilla.suse.com/1195018"},{"category":"self","summary":"SUSE Bug 1197036","url":"https://bugzilla.suse.com/1197036"},{"category":"self","summary":"SUSE Bug 1208186","url":"https://bugzilla.suse.com/1208186"},{"category":"self","summary":"SUSE CVE CVE-2022-0813 page","url":"https://www.suse.com/security/cve/CVE-2022-0813/"},{"category":"self","summary":"SUSE CVE CVE-2022-23807 page","url":"https://www.suse.com/security/cve/CVE-2022-23807/"},{"category":"self","summary":"SUSE CVE CVE-2022-23808 page","url":"https://www.suse.com/security/cve/CVE-2022-23808/"},{"category":"self","summary":"SUSE CVE CVE-2023-25727 page","url":"https://www.suse.com/security/cve/CVE-2023-25727/"}],"title":"Security update for phpMyAdmin","tracking":{"current_release_date":"2023-02-15T10:21:02Z","generator":{"date":"2023-02-15T10:21:02Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"openSUSE-SU-2023:0047-1","initial_release_date":"2023-02-15T10:21:02Z","revision_history":[{"date":"2023-02-15T10:21:02Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch","product":{"name":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch","product_id":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch"}},{"category":"product_version","name":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","product":{"name":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","product_id":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch"}},{"category":"product_version","name":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","product":{"name":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","product_id":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_name","name":"SUSE Package Hub 15 SP4","product":{"name":"SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4"}},{"category":"product_name","name":"openSUSE Leap 15.4","product":{"name":"openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch as component of SUSE Package Hub 15 SP4","product_id":"SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"SUSE Package Hub 15 SP4"},{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.4"},{"category":"default_component_of","full_product_name":{"name":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch as component of openSUSE Leap 15.4","product_id":"openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"},"product_reference":"phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","relates_to_product_reference":"openSUSE Leap 15.4"}]},"vulnerabilities":[{"cve":"CVE-2022-0813","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-0813"}],"notes":[{"category":"general","text":"PhpMyAdmin 5.1.1 and before allows an attacker to retrieve potentially sensitive information by creating invalid requests. This affects the lang parameter, the pma_parameter, and the cookie section.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]},"references":[{"category":"external","summary":"CVE-2022-0813","url":"https://www.suse.com/security/cve/CVE-2022-0813"},{"category":"external","summary":"SUSE Bug 1197036 for CVE-2022-0813","url":"https://bugzilla.suse.com/1197036"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"products":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"threats":[{"category":"impact","date":"2023-02-15T10:21:02Z","details":"moderate"}],"title":"CVE-2022-0813"},{"cve":"CVE-2022-23807","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-23807"}],"notes":[{"category":"general","text":"An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]},"references":[{"category":"external","summary":"CVE-2022-23807","url":"https://www.suse.com/security/cve/CVE-2022-23807"},{"category":"external","summary":"SUSE Bug 1195017 for CVE-2022-23807","url":"https://bugzilla.suse.com/1195017"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":4.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N","version":"3.1"},"products":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"threats":[{"category":"impact","date":"2023-02-15T10:21:02Z","details":"moderate"}],"title":"CVE-2022-23807"},{"cve":"CVE-2022-23808","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-23808"}],"notes":[{"category":"general","text":"An issue was discovered in phpMyAdmin 5.1 before 5.1.2. An attacker can inject malicious code into aspects of the setup script, which can allow XSS or HTML injection.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]},"references":[{"category":"external","summary":"CVE-2022-23808","url":"https://www.suse.com/security/cve/CVE-2022-23808"},{"category":"external","summary":"SUSE Bug 1195018 for CVE-2022-23808","url":"https://bugzilla.suse.com/1195018"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":6.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"products":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"threats":[{"category":"impact","date":"2023-02-15T10:21:02Z","details":"moderate"}],"title":"CVE-2022-23808"},{"cve":"CVE-2023-25727","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-25727"}],"notes":[{"category":"general","text":"In phpMyAdmin before 4.9.11 and 5.x before 5.2.1, an authenticated user can trigger XSS by uploading a crafted .sql file through the drag-and-drop interface.","title":"CVE description"}],"product_status":{"recommended":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]},"references":[{"category":"external","summary":"CVE-2023-25727","url":"https://www.suse.com/security/cve/CVE-2023-25727"},{"category":"external","summary":"SUSE Bug 1208186 for CVE-2023-25727","url":"https://bugzilla.suse.com/1208186"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":5.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","version":"3.1"},"products":["SUSE Package Hub 15 SP4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","SUSE Package Hub 15 SP4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-apache-5.2.1-bp154.2.3.1.noarch","openSUSE Leap 15.4:phpMyAdmin-lang-5.2.1-bp154.2.3.1.noarch"]}],"threats":[{"category":"impact","date":"2023-02-15T10:21:02Z","details":"moderate"}],"title":"CVE-2023-25727"}]}