CVE-2013-3238

Published: 26/04/2013 Updated: 19/11/2013
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
VMScore: 610
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

phpMyAdmin 3.5.x prior to 3.5.8 and 4.x prior to 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

Vulnerable Product

phpmyadmin phpmyadmin 3.5.5

phpmyadmin phpmyadmin 3.5.3.0

phpmyadmin phpmyadmin 3.5.7

phpmyadmin phpmyadmin 3.5.4

phpmyadmin phpmyadmin 3.5.8

phpmyadmin phpmyadmin 3.5.2.2

phpmyadmin phpmyadmin 3.5.1.0

phpmyadmin phpmyadmin 3.5.2.1

phpmyadmin phpmyadmin 3.5.6

phpmyadmin phpmyadmin 3.5.0.0

phpmyadmin phpmyadmin 3.5.2.0

phpmyadmin phpmyadmin 4.0.0

Exploits

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities ...
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
===============================================================================

Author: Janek Vind "waraxe"
Date: 25 April 2013
Location: Estonia, Tartu
Web: www.waraxe.us/advisory-103.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
#   metasploit.com/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking

  include Msf::Explo ...