Lucene search
RootSSV:60768HistoryApr 28, 2013 - 12:00 a.m.
phpMyAdmin 'filename_template' 远程代码执行(CVE-2013-3239)
2013-04-2800:00:00
Root
www.seebug.org
41
EPSS
0.043
Percentile
92.4%
BUGTRAQ ID: 59465
CVE(CAN) ID: CVE-2013-3239
phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。
phpMyAdmin 3.5.x、4.x在配置了SaveDir目录后,通过导出文件文件名的双扩展名,经过身份验证的远程用户可以执行任意代码,导致Apache HTTP服务器将此文件解释为可执行文件。例如:.php.sql文件名。
0
phpMyAdmin 3.x
phpMyAdmin 3.5.x
厂商补丁:
phpMyAdmin
phpMyAdmin已经为此发布了一个安全公告(PMASA-2013-3)以及相应补丁:
PMASA-2013-3:PMASA-2013-3
链接:http://www.phpmyadmin.net/home_page/security/PMASA-2013-3.php
补丁下载:
https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549
https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66
Related
cve
cve
CVE-2013-3239
2013-04-26 03:34:23
ubuntucve
ubuntucve
CVE-2013-3239
2013-04-26 00:00:00
nvd
nvd
CVE-2013-3239
2013-04-26 03:34:23
osv
osv
phpMyAdmin Remote Code Execution
2022-05-17 04:58:08
phpmyadmin - security update
2014-07-09 00:00:00
cvelist
cvelist
CVE-2013-3239
2013-04-26 01:00:00
debiancve
debiancve
CVE-2013-3239
2013-04-26 03:34:23
prion
prion
Design/Logic Flaw
2013-04-26 03:34:00
phpmyadmin
phpmyadmin
Locally Saved SQL Dump File Multiple File Extension Remote Code Execution.
2013-04-24 00:00:00
github
github
phpMyAdmin Remote Code Execution
2022-05-17 04:58:08
openvas
openvas
Fedora Update for phpMyAdmin FEDORA-2013-7000
2013-05-13 00:00:00
phpMyAdmin Multiple Security Vulnerabilities (Apr 2013) - Linux
2017-08-16 00:00:00
phpMyAdmin Multiple Security Vulnerabilities (Apr 2013) - Windows
2017-08-16 00:00:00
nessus
nessus
Fedora 18 : phpMyAdmin-3.5.8.1-1.fc18 (2013-6977)
2013-05-10 00:00:00
Mandriva Linux Security Advisory : phpmyadmin (MDVSA-2013:160)
2013-05-04 00:00:00
Fedora 17 : phpMyAdmin-3.5.8.1-1.fc17 (2013-7000)
2013-05-10 00:00:00
securityvulns
securityvulns
[ MDVSA-2013:160 ] phpmyadmin
2013-05-06 00:00:00
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin
2013-05-06 00:00:00
freebsd
freebsd
phpMyAdmin -- Multiple security vulnerabilities
2013-04-24 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: phpMyAdmin-3.5.8.1-1.fc17
2013-05-09 09:58:00
[SECURITY] Fedora 18 Update: phpMyAdmin-3.5.8.1-1.fc18
2013-05-09 10:10:52
[SECURITY] Fedora 19 Update: phpMyAdmin-3.5.8.1-1.fc19
2013-05-09 18:59:18
exploitpack
exploitpack
phpMyAdmin 3.5.84.0.0-RC2 - Multiple Vulnerabilities
2013-04-25 00:00:00
packetstorm
packetstorm
phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite
2013-04-25 00:00:00
debian
debian
phpmyadmin security update
2014-07-09 19:24:32
phpmyadmin security update
2014-07-09 19:24:50
seebug
seebug
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
2014-07-01 00:00:00
exploitdb
exploitdb
phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities
2013-04-25 00:00:00
zdt
zdt
phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities
2013-04-26 00:00:00
gentoo
gentoo
phpMyAdmin: Multiple vulnerabilities
2013-11-04 00:00:00