SB2013042604 - Multiple vulnerabilities in phpMyAdmin
Published: April 26, 2013 Updated: August 11, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2013-3238)
The vulnerability allows a remote #AU# to read and manipulate data.
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /ex00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
2) Code Injection (CVE-ID: CVE-2013-3239)
The vulnerability allows a remote #AU# to read and manipulate data.
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
3) Path traversal (CVE-ID: CVE-2013-3240)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3. A remote authenticated attacker can send a specially crafted HTTP request and remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.
4) Input validation error (CVE-ID: CVE-2013-3241)
The vulnerability allows a remote #AU# to manipulate data.
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
References
- http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
- http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
- http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
- http://www.exploit-db.com/exploits/25136
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:160
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php
- https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549
- https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
- https://github.com/phpmyadmin/phpmyadmin/commit/1f6bc0b707002e26cab216b9e57b4d5de764de48
- https://github.com/phpmyadmin/phpmyadmin/commit/d3fafdfba0807068196655e9b6d16c5d1d3ccf8a
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-4.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php