CVE-2013-3241

Severity

40%

Complexity

80%

Confidentiality

48%

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

CVSS 2.0 Base Score 4. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:P/A:N).

Overview

First reported 11 years ago

2013-04-26 03:34:00

Last updated 11 years ago

2013-11-19 04:48:00

Affected Software

phpMYAdmin 4.0.0 release candidate 2

4.0.0

References

20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin

http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.