VDB
CVE-2013-3239
CVE-2013-3239
PUBLISHED
CVSS 4.599999904632568 MEDIUM
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
EPSS 12.33% · 94.0th percentile
Risk Scores
CVSS 2.0
4.599999904632568
EPSS Score
12.33%
94.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| phpmyadmin | phpmyadmin | 3.5.0 |
| phpmyadmin | phpmyadmin | 3.5.1.0, 3.5.2.1, 3.5.3.0 |
Timeline
- Apr 25, 2013 PoC Published
- Apr 26, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jun 12, 2023 EPSS Score
References
- MDVSA-2013:160 vendor-advisory
- 20130424 [waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin mailing-list
- FEDORA-2013-6928 vendor-advisory
- openSUSE-SU-2013:1065 vendor-advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48 url
- FEDORA-2013-6977 vendor-advisory
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php url
- FEDORA-2013-7000 vendor-advisory
- https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a url
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133 url
- https://nvd.nist.gov/vuln/detail/CVE-2013-3239 advisory
- https://github.com/phpmyadmin/phpmyadmin package