PT-2013-4245 · Phpmyadmin+1
Janek Vind
·
Published
2013-04-26
·
Updated
2024-06-15
·
CVE-2013-3239
CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 3.5.x through 3.5.7
phpMyAdmin versions 4.x through 4.0.0-rc2
Description
The issue allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file. When the SaveDir directive is set, phpMyAdmin writes server-side exports into that directory under a filename the user chooses. If that directory is served by the Apache HTTP Server and PHP is mapped with AddHandler, mod_mime applies the handler to any dot-separated extension in the name, not only the last one, so a file saved as dump.php.sql is executed as PHP when it is requested over the web. The attacker needs a phpMyAdmin account with export rights and a SaveDir that is reachable through the web server.
Recommendations
For phpMyAdmin versions 3.5.x through 3.5.7, update to version 3.5.8 or later.
For phpMyAdmin versions 4.x through 4.0.0-rc2, update to version 4.0.0-rc3 or later.
As a temporary workaround, leave $cfg['SaveDir'] unset (its default), so that exports are not written to disk at all. If server-side export is required, make sure the SaveDir directory is outside the web root, or that the web server does not hand files in it to PHP (for example, by mapping PHP only with a SetHandler rule inside <FilesMatch "\.php$"> rather than with AddHandler, so that only a trailing .php extension is executed).
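The following is an added example, not code from phpMyAdmin, Apache or the advisory. It models both the cause described above (mod_mime examining every extension under AddHandler, so dump.php.sql is executed) and the two mitigations from the recommendations: a handler mapping that only matches a trailing .php, and a server-side filename check that never lets the client supply an extension at all. The handler table, the export format allow-list and the function names are assumptions made for the example.

```python
import re
from typing import Dict, Optional

# Constructed handler table for this example (hypothetical values, modelled on a
# classic "AddHandler application/x-httpd-php .php" Apache configuration).
ADDHANDLER_MAP: Dict[str, str] = {
    "php": "application/x-httpd-php",
    "phtml": "application/x-httpd-php",
}


def addhandler_dispatch(filename: str,
                        handler_map: Dict[str, str] = ADDHANDLER_MAP) -> Optional[str]:
    """Emulate mod_mime's multiple-extension rule under AddHandler: every
    dot-separated extension after the base name is examined, and the rightmost
    one that is mapped selects the handler.  Returns the handler, or None when
    the file would be served as static content."""
    extensions = filename.split(".")[1:]            # "dump.php.sql" -> ["php", "sql"]
    handler = None
    for ext in extensions:
        handler = handler_map.get(ext.lower(), handler)
    return handler


def filesmatch_dispatch(filename: str) -> Optional[str]:
    """Emulate the hardened mapping <FilesMatch "\\.php$"> + SetHandler:
    only a filename that ENDS in .php is handed to PHP."""
    if re.search(r"\.php$", filename, re.IGNORECASE):
        return "application/x-httpd-php"
    return None


# Assumed allow-list of export formats for this example.
EXPORT_FORMATS = {"sql", "csv", "xml"}
# One dot-free base name: letters, digits, underscore and hyphen only.
SAFE_BASENAME = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def safe_export_filename(requested_name: str, export_format: str) -> Optional[str]:
    """Hypothetical server-side check for an export-to-disk feature: the client
    may only supply a dot-free base name; the server appends the extension of
    the format it is actually writing.  Returns None when the name is rejected,
    so "dump.php" can never become "dump.php.sql" on disk."""
    if export_format not in EXPORT_FORMATS:
        return None
    if not SAFE_BASENAME.fullmatch(requested_name):
        return None
    return f"{requested_name}.{export_format}"


def export_request_is_exploitable(filename: str) -> bool:
    """True when a file written under this name into a web-served SaveDir
    would be executed by the AddHandler-style configuration modelled above."""
    return addhandler_dispatch(filename) is not None


if __name__ == "__main__":
    for name in ("dump.sql", "dump.php.sql", "dump.PHP.sql", "dump.php"):
        print(f"{name:14} AddHandler={addhandler_dispatch(name)!s:24} "
              f"FilesMatch={filesmatch_dispatch(name)}")
    print(safe_export_filename("dump", "sql"))       # dump.sql
    print(safe_export_filename("dump.php", "sql"))   # None (rejected)
```

Running the block prints, for dump.php.sql, a PHP handler under the AddHandler emulation and None under the FilesMatch emulation, which is exactly the difference the workaround relies on; the filename check shows the application-side fix, which removes the attacker's control over the extension regardless of how the web server is configured.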
Weakness Enumeration
Code Injection
Affected Products
Apache HTTP Server
phpMyAdmin