CVE-2013-5003 — SQL Injection in Phpmyadmin

CWE-89 — SQL Injection5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.4%

top 40.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin

Timeline

PublishedJul 31

Latest updateMay 17

Description

Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allow remote authenticated users to execute arbitrary SQL commands via (1) the scale parameter to pmd_pdf.php or (2) the pdf_page_number parameter to schema_export.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.0.4.2-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.0.4.2-1+3

▶NVDphpmyadmin/phpmyadmin18 versions+17

🔴Vulnerability Details

GHSA

GHSA-vf9x-fp9j-gp8c: Multiple SQL injection vulnerabilities in phpMyAdmin 3↗2022-05-17

▶

OSV

CVE-2013-5003: Multiple SQL injection vulnerabilities in phpMyAdmin 3↗2013-07-31

▶

📋Vendor Advisories

Debian

CVE-2013-5003: phpmyadmin - Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before 3.5.8.2 and 4....↗2013

▶

💬Community

Bugzilla

CVE-2013-5003 phpMyAdmin: SQL injection leading to 'control user' role privilege escalation (PMASA-2013-15)↗2013-07-29

▶