Multiple vulnerabilities in phpMyAdmin



Published: 2013-04-26 | Updated: 2020-08-11
Risk: Low
Patch available: NO
Number of vulnerabilities: 4
CVE-ID: CVE-2013-3238, CVE-2013-3239, CVE-2013-3240, CVE-2013-3241
CWE-ID: CWE-20, CWE-94, CWE-22
Exploitation vector: Network
Public exploit: Public exploit code for vulnerabilities #1, #2, #3 and #4 is available.
Vulnerable software: phpMyAdmin (Web applications / Remote management & hosting panels)
Vendor: phpMyAdmin

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Input validation error

EUVDB-ID: #VU42864

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:F/RL:O/RC:C]

CVE-ID: CVE-2013-3238

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
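
The description above turns on a user-supplied prefix reaching the pattern argument of preg_replace. The sketch below is an added example, not phpMyAdmin's code or its patch; the function names are hypothetical, and it shows two ways to replace a prefix in which the input is only ever treated as literal text.

```php
<?php
// Added example, not phpMyAdmin code. Function names are hypothetical.
//
// Unsafe shape, for contrast: the prefix is concatenated into the pattern,
// so it can close the "/" delimiter and supply its own modifiers:
//     preg_replace('/^' . $from . '/', $to, $name);

/**
 * Hardened: no regular expression. Literal prefix comparison plus substr().
 */
function replace_prefix(string $name, string $from, string $to): string
{
    foreach ([$name, $from, $to] as $value) {
        if (strpos($value, "\0") !== false) {
            throw new InvalidArgumentException('NUL byte in table name or prefix');
        }
    }
    if ($from === '' || strncmp($name, $from, strlen($from)) !== 0) {
        return $name; // prefix absent: leave the name untouched
    }
    return $to . substr($name, strlen($from));
}

/**
 * If a regex is required, quote the input for the delimiter in use.
 */
function replace_prefix_regex(string $name, string $from, string $to): string
{
    $pattern = '/^' . preg_quote($from, '/') . '/';
    // A callback keeps "$1" or "\1" inside $to from being read as backreferences.
    return preg_replace_callback(
        $pattern,
        function () use ($to) {
            return $to;
        },
        $name
    );
}

// Constructed sample input: "." in the prefix must match a literal dot only.
var_dump(replace_prefix('wp_users', 'wp_', 'blog_'));
var_dump(replace_prefix_regex('a.b_users', 'a.b_', 'x_'));
var_dump(replace_prefix_regex('axb_users', 'a.b_', 'x_'));
```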

Mitigation

Install update from vendor's website.

Vulnerable software versions

phpMyAdmin: 3.5.0.0 - 4.0.0

External links

http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
http://www.exploit-db.com/exploits/25136
http://www.mandriva.com/security/advisories?name=MDVSA-2013:160
http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php
http://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549
http://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66
http://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.

2) Code Injection

EUVDB-ID: #VU42865

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:N/AC:H/PR:/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-3239

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to read and manipulate data.

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
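
One way to keep a double extension such as .php.sql from reaching a web-served export directory is to build the on-disk name server-side. This is an added example, not phpMyAdmin's code or its patch; the function name and the extension list are assumptions.

```php
<?php
// Added example, not phpMyAdmin code. Function name and extension list are assumptions.

const EXPORT_EXTENSIONS = ['sql', 'csv', 'xml', 'json'];

/**
 * Build the on-disk name for an export written to a web-reachable directory.
 * The result always has exactly one dot, followed by an extension from a
 * fixed list, so no inner segment such as ".php" survives for Apache's
 * multi-extension handling to act on.
 */
function safe_export_filename(string $requested, string $extension): string
{
    if (!in_array($extension, EXPORT_EXTENSIONS, true)) {
        throw new InvalidArgumentException('Unsupported export extension');
    }
    // Drop any directory part, whichever separator was used.
    $name = basename(str_replace('\\', '/', $requested));

    // Remove a trailing ".sql" etc. that the user may already have typed.
    $suffix = '.' . $extension;
    if (strlen($name) > strlen($suffix)
        && strcasecmp(substr($name, -strlen($suffix)), $suffix) === 0) {
        $name = substr($name, 0, -strlen($suffix));
    }

    // Everything outside [A-Za-z0-9_-], dots and NUL bytes included, becomes "_".
    $stem = trim(preg_replace('/[^A-Za-z0-9_-]+/', '_', $name), '_');
    if ($stem === '') {
        $stem = 'export';
    }
    return $stem . $suffix;
}

// Constructed sample inputs.
foreach (['backup.sql', 'dump.php.sql', '../../report.PHP.sql', '.htaccess'] as $in) {
    printf("%-22s => %s\n", $in, safe_export_filename($in, 'sql'));
}
```

Keeping the SaveDir outside the web server's document root, or disabling script handlers for it, removes the dependency on filename checks altogether.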

Mitigation

Install update from vendor's website.

Vulnerable software versions

phpMyAdmin: 3.5.0.0 - 4.0.0

External links

http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:160
http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
http://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48
http://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a
http://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Path traversal

EUVDB-ID: #VU42866

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:L/I:L/A:L/E:P/RL:U/RC:C]

CVE-ID: CVE-2013-3240

CWE-ID: CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3. A remote authenticated attacker can send a specially crafted HTTP request with a parameter that specifies a crafted export type and read arbitrary files or possibly have unspecified other impact.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

phpMyAdmin: 4.0.0

External links

http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Input validation error

EUVDB-ID: #VU42867

Risk: Low

CVSSv3.1: 1.4 [CVSS:3.1/AV:N/AC:L/PR:/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2013-3241

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a remote authenticated user to manipulate data.

export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
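
Both export-script issues in this bulletin, the crafted export type of CVE-2013-3240 and the POST-driven overwrite of globals described above, are addressed by reading only declared request keys into a local array and resolving the export type by exact match. This is an added example, not phpMyAdmin's code or its patch; the parameter names, the type list and the plugin file layout are hypothetical.

```php
<?php
// Added example, not phpMyAdmin code. Parameter names, the type list and the
// plugin file layout are hypothetical.

const EXPORT_TYPES = ['sql', 'csv', 'xml', 'json'];
const EXPORT_PARAMS = ['export_type', 'db', 'table', 'compression'];

/**
 * Copy only the declared keys out of $_POST into a local array.
 * Nothing is written to $GLOBALS, so a request cannot redefine
 * variables the script set earlier (configuration, paths, flags).
 */
function read_export_params(array $post): array
{
    $params = [];
    foreach (EXPORT_PARAMS as $key) {
        if (!array_key_exists($key, $post)) {
            continue;
        }
        if (!is_string($post[$key]) || strpos($post[$key], "\0") !== false) {
            throw new InvalidArgumentException("Invalid value for $key");
        }
        $params[$key] = $post[$key];
    }
    return $params;
}

/**
 * Map the export type to a plugin file by exact match against a fixed list.
 * A value that is not on the list never reaches the path, so "../"
 * sequences have nothing to act on.
 */
function export_plugin_file(array $params, string $pluginDir): string
{
    $type = $params['export_type'] ?? '';
    if (!in_array($type, EXPORT_TYPES, true)) {
        throw new InvalidArgumentException('Unknown export type');
    }
    return rtrim($pluginDir, '/') . '/export_' . $type . '.php';
}

// Constructed request: "config_dir" is not a declared key and is dropped.
$post = ['export_type' => 'csv', 'db' => 'shop', 'config_dir' => '/tmp'];
$params = read_export_params($post);
echo export_plugin_file($params, '/srv/app/plugins/export'), "\n";
echo implode(',', array_keys($params)), "\n";
```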

Mitigation

Install update from vendor's website.

Vulnerable software versions

phpMyAdmin: 4.0.0

External links

http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
