PT-2013-5163 · Php · Phpmyadmin
Markus Wulftange
·
Published
2013-07-04
·
Updated
2024-06-15
·
CVE-2013-4729
CVSS v2.0
5.5
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpMyAdmin versions 4.0.0 through 4.0.4
Description
The issue allows remote authenticated users to modify the GLOBALS superglobal array and change the configuration via a crafted request. This is due to the import.php file in phpMyAdmin not properly restricting the ability of input data to specify a file format.
Recommendations
For phpMyAdmin versions 4.0.0 through 4.0.4, update to version 4.0.4.1 or later to resolve the issue.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpmyadmin