CVE-2013-3239

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-3239
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-3239.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2013-3239
Aliases
Related
Published
2013-04-26T03:34:23Z
Modified
2024-09-11T02:00:06Z
Summary
[none]
Details

phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir directory is configured, allows remote authenticated users to execute arbitrary code by using a double extension in the filename of an export file, leading to interpretation of this file as an executable file by the Apache HTTP Server, as demonstrated by a .php.sql filename.

References

Affected packages

Debian:11 / phpmyadmin

Package

Name
phpmyadmin
Purl
pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:3.4.11.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / phpmyadmin

Package

Name
phpmyadmin
Purl
pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:3.4.11.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / phpmyadmin

Package

Name
phpmyadmin
Purl
pkg:deb/debian/phpmyadmin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4:3.4.11.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}