cbcvebase.
CVE-2013-3241
published 2013-04-26

CVE-2013-3241: export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array…

PriorityP425medium4CVSS 2.0
AVNACLAuSCNIPAN
EXPLOIT
EPSS
4.19%
89.7th percentile
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.

Affected

2 ranges
VendorProductVersion rangeFixed in
debianphpmyadmin
phpmyadminphpmyadmin

CVSS provenance

nvdv2.04.0MEDIUMAV:N/AC:L/Au:S/C:N/I:P/A:N
vendor_debian4.0LOW
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.