CVE-2013-4729 — Variable Extraction Error in Phpmyadmin

CWE-264 CWE-621 — Variable Extraction Error5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.4%

top 41.34%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 4

Latest updateMay 17

Description

import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal array, and consequently change the configuration, via a crafted request.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 8.0 | Impact: 4.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.0.4.1-1 (bookworm)

▶Packagistphpmyadmin/phpmyadmin4.0 — 4.0.4.1

▶Debianphpmyadmin/phpmyadmin< 4:4.0.4.1-1+3

▶NVDphpmyadmin/phpmyadmin5 versions+4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

phpMyAdmin Global variables scope injection vulnerability↗2022-05-17

▶

OSV

phpMyAdmin Global variables scope injection vulnerability↗2022-05-17

▶

OSV

CVE-2013-4729: import↗2013-07-04

▶

📋Vendor Advisories

Debian

CVE-2013-4729: phpmyadmin - import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the abili...↗2013

▶