CVE-2022-0813: 
PHP vulnerability analysis and mitigation

CVE-2022-0813 is a security vulnerability affecting phpMyAdmin versions 5.1.1 and earlier. The vulnerability was disclosed on March 8, 2022, and allows attackers to retrieve potentially sensitive information by creating invalid requests. The issue specifically affects the lang parameter, the pma_parameter, and the cookie section of phpMyAdmin (NVD, AttackerKB).

The vulnerability has been assigned a CVSS v3 base score of 7.5 (High), with an impact score of 3.6 and exploitability score of 3.9. The attack vector is network-based (AV:N), with low attack complexity (AC:L), requiring no privileges (PR:N) or user interaction (UI:N). The scope is unchanged (S:U), with high impact on confidentiality (C:H) but no impact on integrity (I:N) or availability (A:N) (AttackerKB).

The vulnerability allows attackers to retrieve potentially sensitive information from the affected phpMyAdmin installations. The primary impact is on the confidentiality of the system, as attackers can access sensitive data through invalid requests targeting the lang parameter, pma_parameter, and cookie section (NVD).

The vulnerability has been fixed in phpMyAdmin version 5.2.0. Users are advised to upgrade to this version or later to address the security issue. The fix was initially released in version 5.1.3 as a security hardening improvement (phpMyAdmin, Gentoo).