Vulnerabilities > CVE-2013-3241 - Unspecified vulnerability in PHPmyadmin 4.0.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
SINGLE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities. CVE-2013-3238,CVE-2013-3239,CVE-2013-3240,CVE-2013-3241. Webapps exploit for php platform |
id | EDB-ID:25003 |
last seen | 2016-02-03 |
modified | 2013-04-25 |
published | 2013-04-25 |
reporter | waraxe |
source | https://www.exploit-db.com/download/25003/ |
title | phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities |
Nessus
NASL family | CGI abuses |
NASL id | PHPMYADMIN_PMASA_2013_2.NASL |
description | According to its self-identified version number, the phpMyAdmin 3.5.x / 4.0.0 install hosted on the remote web server is earlier than 3.5.8.1 / 4.0.0-rc3 and is, therefore, affected by multiple vulnerabilities: - The |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 66295 |
published | 2013-05-02 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/66295 |
title | phpMyAdmin 3.5.x < 3.5.8.1 / 4.x < 4.0.0-rc3 Multiple Vulnerabilities (PMASA-2013-2 - PMASA-2013-5 |
code |
|
Packetstorm
data source | https://packetstormsecurity.com/files/download/121411/waraxe-2013-SA103.txt |
id | PACKETSTORM:121411 |
last seen | 2016-12-05 |
published | 2013-04-25 |
reporter | Janek Vind aka waraxe |
source | https://packetstormsecurity.com/files/121411/phpMyAdmin-3.5.8-4.0.0-RC2-Code-Execution-LFI-Overwrite.html |
title | phpMyAdmin 3.5.8 / 4.0.0-RC2 Code Execution / LFI / Overwrite |
Seebug
bulletinFamily exploit description BUGTRAQ ID: 59461 CVE(CAN) ID: CVE-2013-3241 phpmyadmin是MySQL数据库的在线管理工具,主要功能包括在线创建数据表、运行SQL语句、搜索查询数据以及导入导出数据等。 phpMyAdmin 4.0.0-rc3之前版本内的export.php根据POST超全局数组的内容覆盖了全局变量,经过身份验证的远程用户通过特制的请求利用此漏洞注入任意值。 Php script "export.php" line 20: ``` ------------------------[ source code start ]-------------------------------- foreach ($_POST as $one_post_param => $one_post_value) { $GLOBALS[$one_post_param] = $one_post_value; } PMA_Util::checkParameters(array('what', 'export_type')); ------------------------[ source code end ]----------------------------------- ``` 可以看到 遍历覆盖,, phpMyAdmin < 4.0.0-rc3 厂商补丁: phpMyAdmin ---------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.phpmyadmin.net/home_page/security/ https://github.com/phpmyadmin/phpmyadmin/commit/dedd542cdaf1606ca9aa3f6f8f8adb078d8ad549 https://github.com/phpmyadmin/phpmyadmin/commit/ffa720d90a79c1f33cf4c5a33403d09a67b42a66 id SSV:60770 last seen 2017-11-19 modified 2013-04-28 published 2013-04-28 reporter Root title phpMyAdmin '$GLOBALS' 数组未授权访问漏洞(CVE-2013-3241) bulletinFamily exploit description No description provided by source. id SSV:78670 last seen 2017-11-19 modified 2014-07-01 published 2014-07-01 reporter Root source https://www.seebug.org/vuldb/ssvid-78670 title phpMyAdmin 3.5.8 and 4.0.0-RC2 - Multiple Vulnerabilities