Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3238 — Phpmyadmin vulnerability

10 documents6 sources

Severity

6.0MEDIUMNVD

EPSS

64.6%

top 1.54%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedApr 26

Latest updateMay 17

Description

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/phpmyadmin

▶NVDphpmyadmin/phpmyadmin12 versions+11

🔴Vulnerability Details

GHSA

GHSA-6cqw-hv35-68q6: phpMyAdmin 3↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin - 'preg_replace' (Authenticated) Remote Code Execution (Metasploit)↗2013-05-01

▶

Exploit-DB

phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities↗2013-04-25

▶

Metasploit

phpMyAdmin Authenticated Remote Code Execution via preg_replace()↗

▶

📋Vendor Advisories

Debian

CVE-2013-3238: phpmyadmin - phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticat...↗2013

▶

💬Community

Bugzilla

CVE-2013-3238 CVE-2013-3239 phpMyAdmin3 various flaws [epel-5]↗2013-04-24

▶

Bugzilla

CVE-2013-3238 phpMyAdmin: remote code execution via preg_replace() (PMASA-2013-2)↗2013-04-24

▶

Bugzilla

CVE-2013-3238 CVE-2013-3239 phpMyAdmin various flaws [epel-6]↗2013-04-24

▶

Bugzilla

CVE-2013-3238 CVE-2013-3239 phpMyAdmin various flaws [fedora-all]↗2013-04-24

▶