Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-3240 — Path Traversal in Phpmyadmin

CWE-22 — Path Traversal5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

4.1%

top 11.47%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedApr 26

Latest updateMay 17

Description

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages2 packages

▶debiandebian/phpmyadmin

▶NVDphpmyadmin/phpmyadmin4.0.0

🔴Vulnerability Details

GHSA

GHSA-96fj-xvfq-8rxm: Directory traversal vulnerability in the Export feature in phpMyAdmin 4↗2022-05-17

▶

💥Exploits & PoCs

Exploit-DB

phpMyAdmin 3.5.8/4.0.0-RC2 - Multiple Vulnerabilities↗2013-04-25

▶

📋Vendor Advisories

Debian

CVE-2013-3240: phpmyadmin - Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before...↗2013

▶

Red Hat

CVE-2013-3240: Directory traversal vulnerability in the Export feature in phpMyAdmin 4↗

▶