CVE-2013-5003

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions 3.5.x prior to 3.5.8.2 phpMyAdmin versions 4.0.x prior to 4.0.4.2

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved through the scale parameter to "pmd pdf.php" or the pdf page number parameter to "schema export.php".

Recommendations For phpMyAdmin versions 3.5.x prior to 3.5.8.2, update to version 3.5.8.2 or later. For phpMyAdmin versions 4.0.x prior to 4.0.4.2, update to version 4.0.4.2 or later. As a temporary workaround, consider restricting access to the "pmd pdf.php" and "schema export.php" scripts until a patch is applied. Avoid using the scale and pdf page number parameters in the affected scripts until the issue is resolved.