CVE-2013-3238

2013-04-2603:34:00

NVD-CWE-noinfo

[email protected]

web.nvd.nist.gov

cve-2013-3238

phpmyadmin

remote code execution

security vulnerability

nvd

6.3 Medium

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.973 High

EPSS

Percentile

99.9%

JSON

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the “Replace table prefix” feature.

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq3.5.4
phpmyadmin:phpmyadminphpmyadmineq3.5.2.2
phpmyadmin:phpmyadminphpmyadmineq3.5.6
phpmyadmin:phpmyadminphpmyadmineq3.5.5
phpmyadmin:phpmyadminphpmyadmineq3.5.1.0
phpmyadmin:phpmyadminphpmyadmineq3.5.7
phpmyadmin:phpmyadminphpmyadmineq3.5.8
phpmyadmin:phpmyadminphpmyadmineq3.5.3.0
phpmyadmin:phpmyadminphpmyadmineq3.5.2.1
phpmyadmin:phpmyadminphpmyadmineq4.0.0

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.4
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.2.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.6
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.5
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.1.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.7
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.8
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.3.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.2.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	4.0.0