VDB
CVE-2013-3238
CVE-2013-3238
PUBLISHED
CVSS 6 MEDIUM
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
EPSS 64.58% · 98.5th percentile
Risk Scores
CVSS 2.0
6
EPSS Score
64.58%
98.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| phpmyadmin | phpmyadmin | 3.5.2.0, 3.5.0.0, 3.5.1.0 |
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL seen: CVE-2013-3238 (circl-sighting)
- CIRCL seen: CVE-2013-3238 (circl-sighting)
- CIRCL seen: CVE-2013-3238 (circl-sighting)
- openSUSE-SU-2013:1065 (circl)
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php (circl)
- FEDORA-2013-6977 (circl)
- FEDORA-2013-7000 (circl)
- https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66 (circl)
- https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549 (circl)
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133 (circl)
…and 8 more exploits
Timeline
- Apr 25, 2013 PoC Published
- Apr 26, 2013 CVE Published
- Apr 30, 2013 PoC Published
- May 29, 2018 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- MDVSA-2013:160 vendor-advisory
- 20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin mailing-list
- FEDORA-2013-6928 vendor-advisory
- 25136 exploit
- openSUSE-SU-2013:1065 vendor-advisory
- FEDORA-2013-6977 vendor-advisory
- FEDORA-2013-7000 vendor-advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66 url
- https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549 url
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133 url
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php url
- https://nvd.nist.gov/vuln/detail/CVE-2013-3238 advisory