CVE-2013-5003

2013-07-3113:20:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2013

5003

sql injection

phpmyadmin

6.9 Medium

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.9%

JSON

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

CPENameOperatorVersion
phpmyadmin:phpmyadminphpmyadmineq3.5.4
phpmyadmin:phpmyadminphpmyadmineq3.5.2.2
phpmyadmin:phpmyadminphpmyadmineq3.5.6
phpmyadmin:phpmyadminphpmyadmineq3.5.5
phpmyadmin:phpmyadminphpmyadmineq3.5.8
phpmyadmin:phpmyadminphpmyadmineq3.5.1.0
phpmyadmin:phpmyadminphpmyadmineq3.5.7
phpmyadmin:phpmyadminphpmyadmineq3.5.3.0
phpmyadmin:phpmyadminphpmyadmineq3.5.2.1
phpmyadmin:phpmyadminphpmyadmineq3.5.2.0

CPE	Name	Operator	Version
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.4
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.2.2
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.6
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.5
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.8
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.1.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.7
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.3.0
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.2.1
phpmyadmin:phpmyadmin	phpmyadmin	eq	3.5.2.0