CVE-2013-3239

Published: 26/04/2013 Updated: 19/11/2013
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 465
Vector: AV:N/AC:H/Au:S/C:P/I:P/A:P

Vulnerability Summary

phpMyAdmin 3.5.x prior to 3.5.8 and 4.x prior to 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
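
An added example, not code from this advisory or from phpMyAdmin: a Python audit of SaveDir file names that models how Apache mod_mime examines every dot-separated extension, so a name like the .php.sql case above resolves to the PHP handler. The handler mapping and the sample listing are assumptions constructed for illustration; replace the mapping with the AddHandler entries from the server's own configuration.

```python
# Added example: audit export file names the way Apache mod_mime reads them.
# HANDLER_EXTENSIONS is an assumed AddHandler mapping, not taken from the page.
HANDLER_EXTENSIONS = {
    "php": "application/x-httpd-php",
    "phtml": "application/x-httpd-php",
    "cgi": "cgi-script",
}


def resolve_handler(filename, handlers=HANDLER_EXTENSIONS):
    """Return (handler, extension) as mod_mime would choose it, else (None, None).

    mod_mime drops the path, treats the first dot-separated token as the base
    name and every later token as an extension (case-insensitive). For
    handlers, the rightmost token that has a mapping wins.
    """
    name = filename.rsplit("/", 1)[-1]
    tokens = name.split(".")[1:]  # skip the base name
    for ext in reversed(tokens):
        handler = handlers.get(ext.lower())
        if handler:
            return handler, ext
    return None, None


def audit_export_names(names, handlers=HANDLER_EXTENSIONS):
    """List (name, extension, handler, kind) for names a handler would claim."""
    findings = []
    for name in names:
        handler, ext = resolve_handler(name, handlers)
        if handler is None:
            continue
        last = name.rsplit(".", 1)[-1].lower()
        # "double-extension": the final extension looks harmless, an inner one is not.
        kind = "direct" if last == ext.lower() else "double-extension"
        findings.append((name, ext, handler, kind))
    return findings


# Constructed sample listing of a SaveDir directory (not real data).
SAMPLE = ["backup_2013-04-25.sql", "shop.php.sql", "db.sql.gz",
          "notes.PHP.sql.zip", "index.php"]

if __name__ == "__main__":
    for finding in audit_export_names(SAMPLE):
        print("%-20s ext=%-4s handler=%-24s %s" % finding)
```

Files reported as "double-extension" are the ones a check on the final extension alone would miss.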

Vulnerable Product

phpmyadmin phpmyadmin 3.5.7

phpmyadmin phpmyadmin 3.5.8

phpmyadmin phpmyadmin 3.5.2.1

phpmyadmin phpmyadmin 3.5.2.2

phpmyadmin phpmyadmin 3.5.1.0

phpmyadmin phpmyadmin 3.5.6

phpmyadmin phpmyadmin 3.5.0.0

phpmyadmin phpmyadmin 3.5.5

phpmyadmin phpmyadmin 4.0.0

phpmyadmin phpmyadmin 3.5.2.0

phpmyadmin phpmyadmin 3.5.3.0

phpmyadmin phpmyadmin 3.5.4

Exploits

[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
===============================================================================
Author: Janek Vind "waraxe"
Date: 25 April 2013
Location: Estonia, Tartu
Web: www.waraxe.us/advisory-103.html

Description of vulnerable software:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
...

phpMyAdmin versions 3.5.8 and 4.0.0-RC2 suffer from multiple remote code execution, local file inclusion, and array overwrite vulnerabilities ...