fkie_cve-2013-3238
Vulnerability from fkie_nvd
Published
2013-04-26 03:34
Modified
2024-11-21 01:53
Severity ?
Summary
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
References
cve@mitre.orghttp://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
cve@mitre.orghttp://www.exploit-db.com/exploits/25136
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2013:160
cve@mitre.orghttp://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549
cve@mitre.orghttps://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66
cve@mitre.orghttps://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html
af854a3a-2127-422b-91ae-364da2661108http://www.exploit-db.com/exploits/25136
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2013:160
af854a3a-2127-422b-91ae-364da2661108http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549
af854a3a-2127-422b-91ae-364da2661108https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66
af854a3a-2127-422b-91ae-364da2661108https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133
Impacted products
Vendor Product Version
phpmyadmin phpmyadmin 3.5.0.0
phpmyadmin phpmyadmin 3.5.1.0
phpmyadmin phpmyadmin 3.5.2.0
phpmyadmin phpmyadmin 3.5.2.1
phpmyadmin phpmyadmin 3.5.2.2
phpmyadmin phpmyadmin 3.5.3.0
phpmyadmin phpmyadmin 3.5.4
phpmyadmin phpmyadmin 3.5.5
phpmyadmin phpmyadmin 3.5.6
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.7
phpmyadmin phpmyadmin 3.5.8
phpmyadmin phpmyadmin 4.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2577DB75-9893-4496-B9B8-22F4D7C70D8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BBC76AB-567B-4081-8520-D4BB2211CA91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDFD7186-12C3-4FA6-951E-288063262EAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E23EA5-8FD8-441A-8CB6-F1E77AA0D73B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5FE1328-F2E1-45C8-80ED-0560DAB666EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC675B47-0373-442E-9BCD-35D79355073C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "96E2C613-B1E9-4DB5-AA7D-165E5093452F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B0E7188-E3DE-4A9C-9B9B-31E7276F74AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E6D5B72-CA57-4054-B002-56C03856D740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "71325EEA-441A-4D04-85E1-B7627C15ECE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.7:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "EE098CE1-0FA0-48C0-8F9F-CC9150E96C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:3.5.8:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "56245F7F-C483-42C1-9D30-AA39C3441591",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "B406A721-0075-46C8-A920-3C9602AD667B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\\x00 sequence, which is not properly handled before making a preg_replace function call within the \"Replace table prefix\" feature."
    },
    {
      "lang": "es",
      "value": "phpMyAdmin v3.5.x antes de v3.5.8 y v4.x antes de v4.0.0-RC3 permite a usuarios remotos autenticados ejecutar c\u00f3digo arbitrario a trav\u00e9s de una secuencia /e\\x00, que no se utilizan con cuidado antes de hacer una llamada a la funci\u00f3n preg_replace en el \"Replace table prefix\"."
    }
  ],
  "id": "CVE-2013-3238",
  "lastModified": "2024-11-21T01:53:14.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-26T03:34:23.440",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.exploit-db.com/exploits/25136"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:160"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104725.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104770.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104936.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-06/msg00181.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.exploit-db.com/exploits/25136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.phpmyadmin.net/home_page/security/PMASA-2013-2.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0133"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.