CVE-2013-5029 — Improper Input Validation in Phpmyadmin

CWE-20 — Improper Input Validation7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

1.7%

top 17.54%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpmyadmin Debian Phpmyadmin Opensuse

Timeline

PublishedAug 19

Latest updateMay 14

Description

phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶debiandebian/phpmyadmin< phpmyadmin 4:4.0.5-1 (bookworm)

▶Debianphpmyadmin/phpmyadmin< 4:4.0.5-1+3

▶NVDphpmyadmin/phpmyadmin20 versions+19

▶NVDopensuse/opensuse12.2, 12.3+1

Patches

Patch: github.com ↗Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

GHSA

GHSA-wh7g-3gvx-9g4r: phpMyAdmin 3↗2022-05-14

▶

OSV

CVE-2013-5029: phpMyAdmin 3↗2013-08-19

▶

📋Vendor Advisories

Debian

CVE-2013-5029: phpmyadmin - phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the cl...↗2013

▶

💬Community

Bugzilla

CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10) [fedora-all]↗2013-08-06

▶

Bugzilla

CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10)↗2013-08-06

▶

Bugzilla

CVE-2013-5029 phpMyAdmin: ClickJacking protection can be bypassed (PMASA-2013-10) [epel-all]↗2013-08-06

▶