Global variables overwrite in "export.php".

CVSS2: 4 Medium

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

EPSS: 0.001 Low
Percentile: 35.0%

PMASA-2013-5

Announcement-ID: PMASA-2013-5

Date: 2013-04-24

Summary

Global variables overwrite in “export.php”.

Description

The export script generates global variables from those present in the $_POST superglobal. This may lead to other exploits in the export script.
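
The pattern described above next to an allowlist-based alternative, as an added PHP illustration that is not phpMyAdmin's code. The `$scope` array standing in for the global scope, the parameter names and the `settings` key are all hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin source. $scope stands in for the global
// scope; all parameter names and values below are hypothetical.

// Unsafe: every request key becomes a variable, so a request can replace
// values the script has already initialised.
function import_all(array $post, array &$scope): void
{
    foreach ($post as $name => $value) {
        $scope[$name] = $value;
    }
}

// Hardened: copy only expected parameters whose value passes a type check,
// and return the rejected names so they can be logged.
function import_allowed(array $post, array &$scope, array $allowed): array
{
    $rejected = [];
    foreach ($post as $name => $value) {
        $check = $allowed[$name] ?? null;
        if ($check !== null && $check($value)) {
            $scope[$name] = $value;
        } else {
            $rejected[] = $name;
        }
    }
    return $rejected;
}

// Constructed sample request: two expected fields plus one that collides
// with an internal variable.
$allowed = ['format' => 'is_string', 'table' => 'is_string'];
$post = [
    'format'   => 'sql',
    'table'    => 'orders',
    'settings' => ['output_dir' => '/tmp'],
];

$unsafe = ['settings' => ['output_dir' => '/var/export']];
import_all($post, $unsafe);
echo 'import_all:     ', $unsafe['settings']['output_dir'], PHP_EOL;

$safe = ['settings' => ['output_dir' => '/var/export']];
$rejected = import_allowed($post, $safe, $allowed);
echo 'import_allowed: ', $safe['settings']['output_dir'], PHP_EOL;
echo 'rejected keys:  ', implode(', ', $rejected), PHP_EOL;
```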

Severity

We consider this vulnerability to be serious.

Mitigation factor

This vulnerability can be triggered only by someone who is logged in to phpMyAdmin, as the usual token protection prevents non-logged-in users from accessing the required form.

Affected Versions

phpMyAdmin versions 4.x (prior to 4.0.0-rc3).

Solution

Upgrade to phpMyAdmin 4.0.0-rc3 or newer.

References

Thanks to Janek Vind for reporting this issue.

Assigned CVE ids: CVE-2013-3241

CWE ids: CWE-661

More information

For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.

CPE

Name: phpmyadmin
Operator: le
Version: 4.0.0-rc3
