#VU42654 Input validation error in Opensuse and phpMyAdmin - CVE-2013-5029
Published: August 20, 2013 / Updated: August 10, 2020
Vulnerability identifier: #VU42654
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-5029
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Opensuse
phpMyAdmin
Opensuse
phpMyAdmin
Software vendor:
SUSE
phpMyAdmin
SUSE
phpMyAdmin
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
Remediation
Install update from vendor's website.
External links
- http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00013.html
- http://secunia.com/advisories/54488
- http://www.phpmyadmin.net/home_page/security/PMASA-2013-10.php
- https://github.com/phpmyadmin/phpmyadmin/commit/240b8332db53dedc27baeec5306dabad3bdece3b
- https://github.com/phpmyadmin/phpmyadmin/commit/24d0eb55203b029f250c77d63f2900ffbe099e8b
- https://github.com/phpmyadmin/phpmyadmin/commit/66fe475d4f51b1761719cb0cab360748800373f7
- https://github.com/phpmyadmin/phpmyadmin/commit/da4042fb6c4365dc8187765c3bf525043687c66f