PT-2013-4244 · Phpmyadmin · Phpmyadmin
Waraxe · Published 2013-04-26 · Updated 2024-06-15 · CVE-2013-3238
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 3.5.x through 3.5.7
phpMyAdmin versions 4.x through 4.0.0-rc2
Description
The issue allows remote authenticated users to execute arbitrary code via a /e\x00 sequence. This sequence is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
Recommendations
For phpMyAdmin versions 3.5.x through 3.5.7, update to version 3.5.8 or later.
For phpMyAdmin versions 4.x through 4.0.0-rc2, update to version 4.0.0-rc3 or later.
Affected Products
Phpmyadmin