Vulnerability Details : CVE-2013-3241
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
Products affected by CVE-2013-3241
- cpe:2.3:a:phpmyadmin:phpmyadmin:4.0.0:rc2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-3241
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 34 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-3241
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
NIST |
References for CVE-2013-3241
-
http://archives.neohapsis.com/archives/bugtraq/2013-04/0217.html
-
http://www.phpmyadmin.net/home_page/security/PMASA-2013-5.php
phpMyAdmin - Security - PMASA-2013-5Vendor Advisory
Jump to