| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 4.5 | $0-$5k | 0.00 |
Summary
A vulnerability was found in phpMyAdmin up to 4.0.0. It has been declared as critical. Affected is an unknown function of the component File Handler. Such manipulation leads to code injection. This vulnerability is documented as CVE-2013-3239. Additionally, an exploit exists. It is recommended to upgrade the affected component.
Details
A vulnerability was found in phpMyAdmin up to 4.0.0 (Database Administration Software) and classified as critical. Affected by this issue is some unknown processing of the component File Handler. The manipulation with an unknown input leads to a code injection vulnerability. Using CWE to declare the problem leads to CWE-94. The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. Impacted is confidentiality, integrity, and availability. CVE summarizes:
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.
The weakness was released 04/25/2013 by Janek Vind with waraxe as PMASA-2013-3 as confirmed advisory (Website). The advisory is available at phpmyadmin.net. The public release was coordinated with the vendor. This vulnerability is handled as CVE-2013-3239 since 04/22/2013. The exploitation is known to be difficult. The attack may be launched remotely. Required for exploitation is a simple authentication. Technical details are unknown but a public exploit is available. This vulnerability is assigned to T1059 by the MITRE ATT&CK project.
A public exploit has been developed by waraxe and been published immediately after the advisory. The exploit is available at exploit-db.com. It is declared as proof-of-concept. As 0-day the estimated underground price was around $5k-$25k. The vulnerability scanner Nessus provides a plugin with the ID 66364 (Fedora 19 : phpMyAdmin-3.5.8.1-1.fc19 (2013-6928)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 166054 (SUSE Security Update for phpMyAdmin (openSUSE-SU-2013:1065-1)).
Upgrading to version 3.5.8.1 eliminates this vulnerability. A possible mitigation has been published before and not just after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (83793), Exploit-DB (25003), Tenable (66364), SecurityFocus (BID 59465†) and OSVDB (92792†). Entries connected to this vulnerability are available at VDB-8547, VDB-8548, VDB-8549 and VDB-63984. If you want to get best quality of vulnerability data, you may have to visit VulDB.
Product
Type
Name
Version
License
Website
- Product: https://www.phpmyadmin.net/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.0VulDB Meta Temp Score: 4.5
VulDB Base Score: 5.0
VulDB Temp Score: 4.5
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Code injectionCWE: CWE-94 / CWE-74 / CWE-707
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Access: Public
Status: Proof-of-Concept
Author: waraxe
Download: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 66364
Nessus Name: Fedora 19 : phpMyAdmin-3.5.8.1-1.fc19 (2013-6928)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 865611
OpenVAS Name: Fedora Update for phpMyAdmin FEDORA-2013-6977
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Exploit-DB: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Exploit Delay Time: 🔍
Upgrade: phpMyAdmin 3.5.8.1
Timeline
04/22/2013 🔍04/24/2013 🔍
04/24/2013 🔍
04/24/2013 🔍
04/25/2013 🔍
04/25/2013 🔍
04/25/2013 🔍
04/25/2013 🔍
05/02/2013 🔍
05/03/2013 🔍
02/02/2025 🔍
Sources
Product: phpmyadmin.netAdvisory: PMASA-2013-3
Researcher: Janek Vind
Organization: waraxe
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-3239 (🔍)
GCVE (CVE): GCVE-0-2013-3239
GCVE (VulDB): GCVE-100-8546
X-Force: 83793
SecurityFocus: 59465 - phpMyAdmin 'filename_template' Remote Code Execution Vulnerability
OSVDB: 92792
Vulnerability Center: 39411 - phpMyAdmin 3.5.x Before 3.5.8 Apache HTTP Remote Authenticated Code Execution, Medium
scip Labs: https://www.scip.ch/en/?labs.20161013
See also: 🔍
Entry
Created: 05/03/2013 16:35Updated: 02/02/2025 17:55
Changes: 05/03/2013 16:35 (83), 04/28/2017 18:06 (4), 05/10/2021 09:58 (3), 02/02/2025 17:55 (14)
Complete: 🔍
Committer:
Cache ID: 216::103
If you want to get best quality of vulnerability data, you may have to visit VulDB.
No comments yet. Languages: en.
Please log in to comment.