Skip to main content

Phpmyadmin CVE-2013-3240

MEDIUM
Path Traversal (CWE-22)
2013-04-26 cve@mitre.org
6.5
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:P/I:P/A:P
Attack Vector
Network
Attack Complexity
Low
Confidentiality
P
Integrity
P
Availability
P

Lifecycle Timeline

1
CVE Published
Apr 26, 2013 - 03:34 cve.org
MEDIUM 6.5

DescriptionCVE.org

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type.

AnalysisAI

Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. Directory traversal vulnerability in the Export feature in phpMyAdmin 4.x before 4.0.0-rc3 allows remote authenticated users to read arbitrary files or possibly have unspecified other impact via a parameter that specifies a crafted export type. Affected products include: Phpmyadmin. Version information: before 4.0.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

CVE-2016-5734 CRITICAL POC
9.8 Jul 03

phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x before 4.6.3 does not properly choose delimiters to

CVE-2012-5159 HIGH POC
7.5 Sep 25

phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror during an unspecified time frame in 2012, contains an e

CVE-2013-3238 MEDIUM POC
6.0 Apr 26

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a

CVE-2018-12613 HIGH POC
8.8 Jun 21

An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potentially execute

CVE-2020-22452 CRITICAL POC
9.8 Jan 26

SQL Injection vulnerability in function getTableCreationQuery in CreateAddField.php in phpMyAdmin 5.x before 5.2.0 via t

CVE-2020-26935 CRITICAL POC
9.8 Oct 10

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. Rated critical severity (CV

CVE-2015-6830 MEDIUM POC
5.0 Sep 14

libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin 4.3.x before 4.3.13.2 and 4.4.x before 4.4.14.1 allo

CVE-2020-22278 HIGH POC
8.8 Nov 04

phpMyAdmin through 5.0.2 allows CSV injection via Export Section. Rated high severity (CVSS 8.8), this vulnerability is

CVE-2020-5504 HIGH POC
8.8 Jan 09

In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. Rated high severity (CV

CVE-2018-10188 HIGH POC
8.8 Apr 19

phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_ope

CVE-2014-9218 MEDIUM POC
5.0 Dec 08

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows re

CVE-2012-5469 HIGH POC
7.5 Dec 20

The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain ph

Share

CVE-2013-3240 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy